Using Tableau...

1. How many business processes does the auditable entity "Business Continutity and Disaster Recovery Management" have?
2. Which two auditable entities have the highest total number of risks? (Hint: Each row is a unique risk.)
3. Which risk owner is responsible for the smallest total number or risks?
4. How many risks belong to the risk category "internal fraud"?
5. How many risks have an inherent impact rating of "high"?
6. How many risks have an inherent likelihood rating of "low"?
7. Which risk has the highest risk score? (Hint: Use MAX.)
8. Which business process belongs to two risk owners?
9. How many risks have an inherent likelihood rating of "medium" and an inherent impact rating of "medium"?
10. Which risk owner is responsible for five risks that have an inherent likelihood rating of "medium" and inherent impact rating of "medium"?

Chapter 2 Raw Datax|sx Case Background Big Picture: Determine which areas of the business should be subject to frequent internal audits due to being high risk. Details: Why is this data important, and what questions or problems need to be addressed? - Internal auditors analyze company risk on an ongoing basis to ensure that they are targeting high-risk areas for audits. Of course, all areas of the company need to be audited; however, higher-risk areas need to be audited more often, as they havea higher likelihood of occurring and/or impact to the company. - When determining which areas of a company to audit, the Internal Audit department divides the company into "auditable entities." An auditable entity represents a group of business processes that are closely related. Auditable entities are often based on existing business functions of an organization, such as those shown in Illustration 2.3 . - To illustrate the risk of some areas of the company, consider the following questions: Which risk has the highest inherent risk score? How many risks have a high inherent impact? Plan: What data is needed, and how should it be analyzed? - The data needed is pulled from the internal audit GRC (governance, risk, and compliance) software, which houses the Internal Audit department's assessment and ratings of corporate risks. - The data was filtered to include only the auditable entities that were subject to internal audit last year. Now it's your turn to evaluate, analyze, and communicate the results