As much as our industries have changed due to information technology, the process of preparing and delivering a risk assessment audit has not. Many of my colleagues still produce a paper based risk assessment using MS Word, Excel, or other word processing software. Often we produce lengthy reports and the client only reads the executive summary in the front of the report and the mitigations at the end. What happens to all the great information in between? This session will discuss how technology advancements enable us to gain the full benefit of the information obtained and use it to enable critical business decisions.
There still seem to be considerable discrepancies when it comes to auditing a management system using the process approach. And now, with the new requirement of risk-based thinking it has become even more confusing. How do you assess if an organization or a manager consider risk without a specific requirement for risk analysis? Risk-based thinking seems new, but it’s not. But how do you audit it?