Risk Auditing

The Risk Auditing app facilitates a quick security controls assessment, which helps identify risks that have a negative impact on the company/business/organization. The assessment and auditing features of the app are designed to let an administrator answer a risk-management questionnaire and make judgments accordingly. The app supports risk auditing and assessment of multiple assets owned by a particular organization. This internal risk audit is done by answering a total of 20 questions, which together define the risk posture of the company/business.

Left-hand Navigation Panel > Compliance Controls > Risk Auditing

The risk control process starts with analyzing and assessing the risks associated with various types of assets. Crystal Eye’s Risk Auditing app has features that enable CE administrators to perform a comprehensive internal risk assessment. The questions asked in the critical security controls section of the Risk Auditing app have been formulated to identify the risks involved with a particular asset. If the answer is “Yes”, that parameter is not considered a risk. However, if the answer is “No”, that parameter becomes a potential risk and is registered under the Pending Risks section.

Once the risks are identified and transferred to the Pending Risks section, the CE administrator can view/edit the following sub-parameters of the newly created risk.

  1. Submission Date – The date on which the risk was identified and created in the Risk Auditing app.
  2. Subject – Brief description providing details of the risk.
  3. Risk Score – Rating the risk on a scale of 1 to 10.
  4. Owner – The owner of the asset for which the risk was created.
  5. Asset Name – The name of the asset for which the risk assessment is done.
  6. Additional Notes – Additional information regarding the identified risk.

After the edits are confirmed, the risk details can be sent to Red Piranha’s risk assessment team for further analysis and mitigation.

How to Assess Risks Associated with an Asset Belonging to a Company/Business/Organization?

Step 1: In the Risk Auditing application page, click the Select Critical Security Controls button.

Step 2: You will now see the Critical Security Controls questionnaire page. Enter the Asset Name for which the risk needs to be assessed, Select Controls and click the Submit button.

Note: If the tick box against a question is selected, the answer is considered “Yes”. If the tick box is not selected, the answer is “No”. A risk is created for each “No” and is listed in the Pending Risks section.

The newly created risks will now be visible in the Pending Risks section, as shown in the screenshot below.

How to Add/Delete/Edit a Newly Created Risk from the Pending Risk Section?

Step 1: In the Risk Auditing application page, click the Pending Risk button.

Step 2: You will now see the Pending Risks section/page. Select the required listed pending risk and make the necessary edits.

Note: If you click the Add button, the risk will be accepted and shared with Red Piranha’s risk assessment team for further analysis and mitigation.