How to have a positive audit experience. Vote & share to win!
Hey all! I know there can be a lot of stigma around audits, but it’s definitely possible to have a positive experience in this arena.🤓 Check out this article for Drata’s expertise on handling an audit. And for the chance to win a brand new pair of Apple airpods 🎶🎧, vote on the poll below & share your audit questions and comments below! 👇🏽 Entries will be accepted until December 23rd at 10AM PST.
Risks vs Issues
Hey, I would like to better understand Risks and Issues please.My understanding is that the former is a potential future loss event and the latter is a weakness/vulnerability/control gap etc. that usually comes out of audits/assessments.If that’s correct, I have some additional questions:Do you maintain separate registers for them? Is it fair to say that most issue have (or can have) a corresponding risk entry in the risk register? e.g. The lack of/inadequate DLP controls can have an entry in the issue register and also the risk register (as a data leakage risk scenario). If above statement and example is true, why can’t we just capture issues (control gaps/findings) as risks in the risk register (instead of issues in a separate register)? Is it because we don’t want the risk register to become really big with lots of entries? or because of other reasons too? Many thanks in advance.
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.