Basic terminology and concepts of Discovery & Risk Assessment
Applies to: Audit and Control Management Server 2013
Summary:
Introducing basic terms and concepts
Discovery and Risk Assessment allows you to automate the process of managing the information your Excel spreadsheets and Access Databases that are critical to the operation of your company. You can categorize your documents according to its risk level. It provides built-in criteria to evaluate the risk level of each document based on its materiality and complexity. You can also customize the rules to evaluate the risk level of each document Before you get started, it’s helpful to become familiar with some core concepts and terminology that you will be using.
Terminology and concepts
| Term | Description |
|---|---|
Discovery Definition |
Rules used to determine which files to process during discovery and how to run the risk calculation. |
Discovery or Discovery Process |
The process that generates a list of Excel workbooks and Access databases. The list is written to the ACM database and is known as a “master inventory”. |
Master Inventory |
A list or catalog of files that was generated during the “discovery” process. |
Risk Assessment |
File content and structure risk is assessment based on the criteria that you define. |
Materiality |
Sensitivity of the document. Based on contents within the file or attributes of the file. For example, a file containing information such as Social Security numbers would be considered high materiality. Large dollar amounts that could critically impact the organization would also be considered highly material. |
Complexity |
The factors that determine the complexity of your Excel workbook and Access database files. It is based on the number of features that are used. For example, the quantity and type of formula adds to the complexity (and therefore risk) of a file. A SUMIF formula that contains nested IF statements or VLOOKUP formulas could be considered as high complexity. |
Risk |
A function of Materiality and Complexity. |
User Defined Keys (UDK) |
Tags files by using custom attributes. |
Parts of a Discovery and Risk Assessment
The first part of the Discovery and Risk Assessment is the “discovery” or the “discovery process”. The discovery process generates a list of Excel workbooks and Access databases. The list is written to the ACM database and is known as a “master inventory”.
The second part is the risk assessment. The risk assessment provides an analysis of all the files in the master inventory. It evaluates formulas, tables, data connections, spreadsheet links, Access database links, queries to external applications, web feeds, text files, and more. During a risk assessment, Excel opens every designated Excel workbook and its contents are read. All of this information is inventoried, categorized and then collected into a profile where it is assessed for risk. Aggregate reports and reports on each file can be displayed in the reporting pane. The same applies to how Access databases are evaluated.