The risk within self audit risk assessments
No one knows the risks inherent to an asset better than those who work with the asset. That is why self audit has been around for years. It allows the audit team to get to the hidden details, while distributing the discovery phase of the workload to outside of the audit team. When I first started working with self assessment audits, the sessions were typically moderated by an experienced risk assessor. The moderator would ensure likelihoods and impacts were accurately recorded and (s)he would use an auditor’s experience to help interpret and guide the answers. Since then, Risk and Audit teams have been placed under increasing pressure to do more with less. I have noticed a trend to remove the moderator for the self-assessments, and take the self-assessor’s word...
Recent comments