Risk-Based Auditing Business
Pages in Design Document
Cybersecurity Auditing Frameworks Leveraged
Total Time in Months to Design
The client requested help to take their compliance inspection business to the next level.
They were executing inspections and needed an innovative way to transform their service.
They wanted to quantify risk and take into account business impact.
We knew compliance inspections did not do this.
So we recommended them to develop a Risk-Based Auditing Business instead.
Context / Action
We help them design a Risk-Based Auditing business.
Risk-Based Auditing service allowed them to do the following:
- Decompose each client’s business;
- Understand the mission and impact;
- Understand the Cyber architecture;
- Identify the Cyber framework to use;
- Perform assessments on People, Processes and Technologies;
- Identify Gaps and Issues;
- Quantify and Qualify gaps and issues into Risk;
- Develop roadmap for getting healthy;
Their customer product would allow them to take action and fix things fast.
Their current compliance inspection service did not come close to doing this…
Thus, understanding the client’s requirements and end state…
We knew shifting from compliance inspections to a risk-based auditing approach was necessary.
A risk-based audit encompasses compliance testing… But compliance testing does not encompass a risk-based audit.
As added value to their clients. We incorporated a Root Cause Analysis (RCA) service.
This allowed them to dig deep to uncover the true problems in customer businesses.
We help them get the word out. We performed joint venture partnerships, Email Marketing and Content Marketing.
We also instructed the client to brief at symposiums, Cyber events and businesses.