In the field of internal auditing, a comprehensive risk assessment is an integral step towards ensuring the effectiveness of an organization's control environment. The initial phase involves identifying and understanding the various risks that could impact the achievement of organizational objectives. This includes not only financial risks but also operational, compliance, and strategic risks. Once identified, the next step is to assess the likelihood and potential impact of these risks on the organization. This assessment involves a thorough analysis of historical data, industry benchmarks, and the organization's specific risk appetite. Following the risk assessment, auditors move on to designing and implementing control procedures to mitigate the identified risks. These controls can take various forms, such as preventive, detective, or corrective controls, depending on the nature of the risk. Finally, the ongoing monitoring and evaluation of the control environment ensure that the implemented measures remain effective and adaptive to changes in the organization's risk landscape.

What is the primary purpose of the second step in the internal auditing process, where auditors assess the likelihood and potential impact of identified risks?