risk management

Home/Tag: risk management

Show Me How your Audit Plan is Risk-based – WST


June 4, 2020 Show Me How your Audit Plan is Risk-based - WST Recently, we have fielded a few questions from financial clients on an examiner request: “Show your IT audit risk assessment with details of scope and frequency.”  What the examiner is really asking is “Show me how your audit plan is risk-based.”  The good news is that you are probably doing everything you need to be doing, you may just not know how to answer to the question. In a risk-based audit plan, risk assessments are used to determine audit scope and frequency.  Does your [...]

Show Me How your Audit Plan is Risk-based – WST2020-06-19T21:25:47+00:00

We Accept the Risk


Whether you find them in a risk assessment, we find them in an audit, regulators uncover them as part of an exam, or you hear something scary and familiar on the news, IT risks require ACTION.  There are generally four things you can do once a risk is identified within your environment: Avoid it. No one likes being told, “You can’t do that. It’s too dangerous.”  Risk avoidance is when management determines that the risk outweighs the benefit of an asset (like a product offering, practice, or IT system) and decides not to go forward with implementation.  Avoidance is much [...]

We Accept the Risk2020-02-13T21:43:07+00:00