Curious about how AuditMap works? Find answers to frequently asked
questions here.
If you’ve got any questions about AuditMap please check below for some of the common ones we’ve already been asked.
AuditMap provides the ability to navigate documentation against topics and entities, which can be mapped out to the prescribed audit universe. However, our recommendation is to encode the audit universe after a few months of usage of the platform, so that audit coverage gaps may be identified, risk trends established, and the structure of the existing audit universe assessed.
Our tool retrieves risks from internal reports and public sources to provide better risk awareness. Most of our clients use both tools of the same time, where reporting is done on their existing audit compliance platform, and audit planning support is provided through our tool. We already have integrations available for many audit compliance platforms. Contact us to learn more.
By its very nature, risk is a probability. It is not a binary state. Our platform categorizes the following statements under the risk category: process level risks, which indicate failure to adhere to a prescribed process; management level risks, where there might be an absent process that could threaten the achievement of corporate objectives; enterprise level risks, where the state of existence of the organization may be under threat, such as environmental or reputational damage; drivers of risk, where the environment in which processes exist might exacerbate the opportunity for risks to materialize; and opportunities for improvement, where recommendation alludes to a process which is inefficient or ineffective.
Working closely with her clients, we identified two major usage phases with our platform. First, there is both excitement and dizziness from the ability to navigate all of the documented risks and coverage gaps within the organization; this phase is usually only a few weeks long, at which point clients rely more and more on the speed of the platform to make real-time decisions. Second, due to the transformative nature of our approach, clients soon realize that all behaviours are no longer necessary; for instance, a dynamically generated risk register does not require continuous manual effort, just like a dynamic risk and control matrix is no longer a work product set in stone.
Our platform allows the encoding of key pillars of certain industry standards and risk management frameworks. This means that we are able to retrieve risks and risk trends against particular objectives and controls. However, it is important to remember that many of these standards call for ongoing vigilance, monitoring, and adaptation. Here are a few examples: ISO 31000:2018, section 5.7.2: “The organization should continually improve the suitability, adequacy and effectiveness of the risk management framework and the way the risk management process is integrated.” ISO 27001:2017, section 4.3: “The organization shall determine the boundaries and applicability of the information security management system to establish its scope.” AuditMap accelerates and alleviates the tediousness of navigating historical risks, which means that you can go back doing what you do best – being human.
Our platform has both Cloud and on-premise instances available, including both single-tenant and multi-tenant deployment availability. We will never use your data for training our models, unless you explicitly request us to do so (for instance, if we include a custom ingestion pipeline unique to your organization).