Version: 1.0.0-beta

How-To: Manage Risks

Learn how to create risk statements, assign ratings, and link them to audit universe entities.

Prerequisites

  • Entity must already exist in the Audit Universe
  • You must have the Auditor, Manager, or CAE role

Adding Risks to an Entity

Step 1 — Open Entity Detail

Navigate to Universe → click the entity you want to assess.

Step 2 — Go to the Risks Tab

Click the Risks tab in the entity detail view.

Step 3 — Click "Add Risk"

Click + Add Risk to open the risk creation form.

Step 4 — Complete Risk Details

| Field | Required | Description |
|---|---|---|
| Risk Title | | Concise risk statement (e.g., "Unauthorized payment approvals") |
| Category | | Strategic, Operational, Financial, Compliance, IT, Reputational |
| Description | Recommended | Detailed explanation of the risk scenario |
| Likelihood | | 1 (Rare) to 5 (Almost Certain) |
| Impact | | 1 (Negligible) to 5 (Catastrophic) |
| Risk Owner | Recommended | Person accountable for managing this risk |
| Inherent Risk | Auto-calculated | Likelihood × Impact (before controls) |
| Residual Risk | Optional | Risk level after considering existing controls |

Step 5 — Save

Click Save. The risk is now attached to the entity and the entity's overall risk score is recalculated.

Expected Result

The risk appears in the entity's Risks tab with a color-coded badge showing the risk level (🟢 Low, 🟡 Medium, 🟠 High, 🔴 Critical). The entity's aggregate risk score in the universe list is updated accordingly.

AI-Assisted Risk Assessment

The AI companion can suggest risks based on:

  • Industry standards — common risks for the entity type
  • Historical findings — risks identified in past audits of similar entities
  • Regulatory requirements — risks mandated by compliance frameworks (NCA, PDPL)

How to Use

  1. Open the entity detail → Risks tab
  2. Click AI Suggest Risks
  3. AI analyzes the entity and presents a list of suggested risks with pre-filled ratings
  4. Review each suggestion — Accept, Modify, or Reject
  5. Accepted risks are added to the entity

AI Governance

AI risk suggestions include confidence scores and source citations. All suggestions require explicit human approval before being applied. Every AI interaction is logged in the audit trail with full traceability.

Risk Categories

AIIA supports the following risk taxonomy:

| Category | Description | Examples |
|---|---|---|
| Strategic | Risks to long-term business objectives | Market disruption, M&A failure |
| Operational | Risks in day-to-day processes | Process errors, supply chain disruption |
| Financial | Risks to financial reporting and assets | Fraud, misstatement, asset impairment |
| Compliance | Regulatory and legal risks | NCA ECC non-compliance, PDPL violation |
| IT / Cyber | Technology and security risks | Data breach, system outage, ransomware |
| Reputational | Risks to brand and public trust | Media coverage, customer complaints |

Bulk Risk Operations

Bulk Import

  1. Navigate to Library → Risks
  2. Click Import → Download Template
  3. Fill in the CSV template with risk statements
  4. Upload and map risks to entities

Bulk Update

  1. Select multiple risks using checkboxes in the Risks tab
  2. Click Bulk Actions → select action:
    • Update Ratings — adjust likelihood/impact for all selected
    • Change Category — reassign category
    • Archive — mark risks as inactive

Risk Heatmap

The risk heatmap provides a visual overview of all risks across the universe:

  1. Navigate to Executive dashboard
  2. View the Risk Heatmap widget
  3. Each cell shows the count of risks at that likelihood × impact intersection
  4. Click a cell to drill into the specific risks
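
A pre-upload check for the bulk import CSV, as an added example (not AIIA's own code): it validates each row against the Step 4 field rules, computes inherent risk, and counts risks per likelihood × impact cell the way the heatmap does. The column names and the sample rows are assumptions, since the template's actual columns are not shown on this page.

```python
import csv
import io
from collections import Counter

# Allowed values per the Step 4 field table; the taxonomy table labels IT as "IT / Cyber".
CATEGORIES = {"Strategic", "Operational", "Financial", "Compliance",
              "IT", "IT / Cyber", "Reputational"}


def check_rows(csv_text):
    """Validate rows; column names are assumed, the real template is not shown here."""
    valid, errors = [], []
    reader = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        problems, ratings = [], {}
        if not (row.get("title") or "").strip():
            problems.append("empty title")
        if (row.get("category") or "").strip() not in CATEGORIES:
            problems.append(f"unknown category {row.get('category')!r}")
        for field in ("likelihood", "impact"):
            raw = (row.get(field) or "").strip()
            if raw in {"1", "2", "3", "4", "5"}:
                ratings[field] = int(raw)
            else:
                problems.append(f"{field} must be an integer 1-5, got {raw!r}")
        if problems:
            errors.append(f"line {line_no}: " + "; ".join(problems))
            continue
        inherent = ratings["likelihood"] * ratings["impact"]  # Likelihood x Impact (Step 4)
        valid.append({**row, **ratings, "inherent": inherent})
    return valid, errors


def heatmap(rows):
    """Count risks per (likelihood, impact) cell, like the heatmap widget."""
    return Counter((r["likelihood"], r["impact"]) for r in rows)


# Constructed sample data, not real risks.
SAMPLE = """entity,title,category,likelihood,impact
Accounts Payable,Unauthorized payment approvals,Financial,3,4
Accounts Payable,Duplicate vendor records,Operational,3,4
Core Banking,Ransomware on payment servers,IT,2,5
Core Banking,Security risk,Cyber,6,high
"""

if __name__ == "__main__":
    rows, errs = check_rows(SAMPLE)
    print(dict(heatmap(rows)), *errs, sep="\n")
```

Rows that fail the check are reported with their CSV line number so they can be corrected before the file is uploaded.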

Best Practices

  1. Use clear, actionable risk statements — "Unauthorized access to financial systems" is better than "Security risk"
  2. Be honest about ratings — avoid bias toward lower ratings
  3. Review quarterly — risk landscapes change; reassess ratings regularly
  4. Consider residual risk — assess risk after existing controls, not just inherent risk
  5. Link to controls — every risk should have at least one mitigating control mapped