Planning risks
Who is this article for?
Administrators responsible for risk planning within their organisation.
Administrator access is required.
In Pentana, you can risk-assess the audit universe for a chosen planning period to determine and maintain your audit schedule or plan.
Planning risks
Planning risk factors can be defined, assessed, and configured to fit scoring rules. They capture global risks affecting large parts of the audit universe. These risks assign a score to each entity-process during a planning period for effective audit planning.
Multiple planning scenarios can cover the same date range, and any part of a planning period can be used to create the audit plan for that range.
Registering planning risks
Planning risks are recorded for each entity and process with these attributes:
- Name – the risk's name
- Order – display order on the data grid
- Description – detailed description (rich text)
- Guidance – extra info, expected results, or standards
- Active – indicates if the risk is active; only active risks apply in planning periods
- Category – segmentation
- Entity Types – linked to specific entity types
- Process Types – linked to specific process types
- Weight – weight used in roll-ups
Risk factors can be weighted and criteria set to assess different risks for various subsets, such as IT projects or branches.
Associating entity and process types
Planning risks can be linked to specific entity types. If no type is set, the risk applies to all entities without a type.
A risk with a set type only applies to entities of that type, determining which entity-process needs risk assessment during an active planning period.
Entities have one type, but a planning risk can have multiple types.
Applying planning risk weightings
A planning risk's significance to the audit universe is shown by its weighting. This weighting influences the risk's score during the planning period, with a higher weighting leading to a higher assessment score.