Case Study: Retail Organization reduces audit risk uncertainty with RiskLens

‘High Risk’ Audit Finding Doesn’t Hold Up to FAIR Analysis

Retail Organization worked with RiskLens to resolve a dispute between IT and Internal Audit over a “High Risk” audit finding. The issue involved employees having inappropriate access to systems that controlled pricing and could allow them to push changes into production, but the IT team believed the risk was being overstated. They used the RiskLens application for cyber risk analytics and FAIR-based analysis to assess the actual exposure.

RiskLens helped the team gather data from subject matter experts, quantify frequency, detection timing, and control effectiveness, and run the scenario through its Monte Carlo engine. The analysis showed an annualized loss exposure of only $0–$5,000, with a most likely value of $0 and an average of $3K, demonstrating the issue was low risk rather than High Risk. Armed with these results, the organization drafted a stronger response to auditors and successfully supported its position with quantified evidence from RiskLens.