Risk

What is a Risk Audit & Risk Reassessment?

Two distinct check-ups: a risk reassessment re-examines the risks themselves — new ones identified, stale ones closed, scores refreshed (a regular team activity, often each reporting cycle). A risk audit examines the process — are responses actually effective, is the register maintained, is risk management being done as planned (typically independent, less frequent).

The exam split: reassess the risks, audit the process. A scenario about checking whether responses worked and whether the framework is functioning is audit territory.

Worked example

Monthly, the project reassesses: four risks closed, two new ones from the design change, the groundwater risk upgraded after wet-season data. Twice a year, the PMO's independent audit asks harder questions: the mitigation for the vendor risk was never actually implemented (finding), triggers aren't being monitored on weekends (finding), and reserve drawdown has no approval trail (finding). Different lens, different value — the reassessment manages risks; the audit keeps the management honest.
