2. Perform audits on the risk management process for the software activities.