Risk Scoring
Risk scoring determines how often each auditable entity should be audited. Higher-risk entities are audited more frequently.
Risk levels and audit cycles
| Risk Level | Audit Cycle |
|---|---|
| High | Every year |
| Moderate | Every 2 years |
| Low | Every 3 years |
Risk factors
Each entity is scored across multiple risk factors. Your organization can customize which factors are used and their weights in Settings → Risk Factors.
Common risk factors include:
- Inherent risk — The natural risk level of the activity
- Control environment — Strength of existing controls
- Regulatory exposure — Degree of regulatory scrutiny
- Financial impact — Potential financial loss
- Change / complexity — Recent changes or high complexity
- Prior audit results — Findings from previous audits
Scoring an entity
- Open an entity in the Audit Universe
- Go to the Risk Assessment tab
- Score each risk factor (typically on a scale)
- The overall risk level is calculated automatically based on factor weights
- Save the assessment
Who can score
Risk scoring requires Senior Auditor or higher permissions.
AI-assisted scoring
LOQI can suggest risk scores based on:
- Uploaded documents (regulations, prior audit reports)
- Risk registers imported from external sources
- Historical audit data
Click Suggest Scores to get AI recommendations, then review and adjust.
Importing risk registers
If your organization maintains a risk register externally:
- Click Import Risk Register in the Audit Universe
- Upload an Excel or CSV file with entity names and risk data
- Map columns to LOQI's fields
- Review and confirm the import