An audit can be of anything, but unless you are talking about a financial audit, it typically evaluates compliance with policies or some standard. It could also be called a gap assessment. Risk assessment is a term often misused. Often people say risk assessment when they mean gap assessment/audit. A real risk assessment follows a standard like NIST 800-30. It starts with assets, then identifies the threats and risks for each asset and then the safeguards that mitigate each risk. Your risk assessment results could be inherent (before applying safeguards) or residual (after applying safeguards).
Risk assessments to know what controls to put where (to address risk); audits to test to make sure controls are working as expected. (Crude summary but you get the idea)
Everyone knows audit is boring. Meanwhile, assessment is exciting because no one knows what it is about.