What’s the difference between an audit and a risk assessment?

An audit can be of anything, but unless you are talking about a financial audit, it typically evaluates compliance with policies or some standard. It could also be called a gap assessment. Risk assessment is a term often misused. Often people say risk assessment when they mean gap assessment/audit. A real risk assessment follows a standard like NIST 800-30. It starts with assets, then identifies the threats and risks for each asset, and then the safeguards that mitigate each risk. Your risk assessment results could be inherent (before applying safeguards) or residual (after applying safeguards).

Risk assessments to know what controls to put where (to address risk); audits to test to make sure controls are working as expected. (Crude summary but you get the idea)

Everyone knows audit is boring. Meanwhile, assessment is exciting because no one knows what it is about.
