In terms of governance, we're making sure that we have the right governance processes in place. We want to make sure that there is good oversight, that we have the monitoring and ongoing good planning and good project management.
I gave an example earlier. My background is in IT, wherein as part of normal, everyday managing of risk you look to see what issues are there, what your environment looks like. You make sure that you have your plans in place, that you change them and update them as needed, that you have fall-backs and contingencies where needed, and that you look at any issues that arise for opportunities to adjust your plan to ensure that you mitigate any risk that you see.
The goal in risk identification is always to be up front and ahead of the risks that you identify, so that you can plan for them, in case of something not working exactly as you had planned.