🔍 Audit Function
Internal Audit  ·  Regulatory  ·  External
Open Critical Findings  ·  4 Critical

| ID | Finding | Due |
|---|---|---|
| AUD-001 | IAM Orphaned Accounts | 30.04.25 |
| AUD-002 | Unpatched CVE 47 days | 31.03.25 |
| AUD-010 | CS Litigation Exposure | 31.12.26 |
| AUD-013 | Core Banking 6mo delay | 30.09.26 |
| AUD-014 | Legacy CVE unpatched | OVERDUE |
Internal Audit & Regulatory Dashboard
My Outstanding Issues  ·  New_Co Group  ·  Chief Internal Auditor: Ms. R. Keller
As of 21 May 2026
FY 2025  ·  Audit cycle review
Total Open Findings: 12  ·  Internal & Regulatory
Critical / High: 4 / 5  ·  4 Critical  ·  5 High
Overdue: 2  ·  AUD-014  ·  AUD-005
Regulatory Findings: 8  ·  DORA  ·  FINMA
Resolved YTD: 3  ·  AUD-005  ·  AUD-008  ·  AUD-009
📊 Findings by Category & Severity  ·  15 Total  ·  FY 2025
[Chart legend: Critical  ·  High  ·  Medium  ·  Low]
🌡️ Audit Risk Heatmap — Key Areas  ·  Open findings count  ·  colour = severity
IT / Technology: 3
Operations: 3
Compliance / Regulatory: 2
Financial: 2
Third-Party: 2
People & Culture: 2
Risks (External): 1
Treasury: 0
Legal: 0
Highest Risk Areas: IT/Technology & Operations
6 findings across these two areas, including 3 Critical. Repeat finding pattern in IAM (AUD-001) and patch management (AUD-002, AUD-014).
📋 Audit Findings Register — All Open & In Progress
4 Critical  ·  5 High  ·  4 Medium  ·  2 Resolved

| ID | Finding | Category | Type | Severity | Status | Raised | Due | Owner |
|---|---|---|---|---|---|---|---|---|
| AUD-001 | IAM — 47 Orphaned Accounts on Production Systems (REPEAT) | IT / Technology | Internal | CRITICAL | In Progress | 15.01.25 | 30.04.25 | Head IT Security |
| AUD-002 | Critical Patches SLA Breach — 12 Servers, CVE-2024-3400 47 Days | IT / Technology | Internal | CRITICAL | Open | 10.02.25 | 31.03.25 | CISO |
| AUD-010 | CS Legacy Litigation — Material Uncertainty (PwC) | Risks | External | CRITICAL | In Progress | 28.02.25 | 31.12.26 | General Counsel |
| AUD-013 | Core Banking Migration 6 Months Behind Schedule | Operations | Internal | CRITICAL | In Progress | 15.01.25 | 30.09.26 | COO / Programme Dir. |
| AUD-014 | Unpatched CVEs — 47 Legacy CS Servers | Operations | Internal | CRITICAL | OVERDUE | 10.04.25 | 31.12.25 ⚠ | Group CISO |
| AUD-003 | FX Desk Reconciliation Breaks — CHF 50K Tolerance Exceeded (14 Days) | Financial | Internal | HIGH | In Progress | 20.10.24 | 30.06.25 | Head Treasury Ops |
| AUD-004 | BCP DR Test — Core Banking RTO 6h22m vs 4h Limit | Operations | Internal | HIGH | In Progress | 05.11.24 | 31.05.25 | COO / BCM Head |
| AUD-006 | FINMA Circ. 2023/1 — ICT Risk Governance Documentation Gaps (REGULATORY) | Compliance | Regulatory | HIGH | In Progress | 15.03.25 | 30.06.25 | CRO / Group Compliance |
| AUD-007 | Cloud Vendor Concentration 63% — Exceeds 50% Limit | Third-Party | Internal | HIGH | In Progress | 30.01.25 | 31.12.26 | Group CIO |
| AUD-011 | Deferred Tax Asset Recoverability — Material Uncertainty (PwC) | Financials | External | HIGH | In Progress | 01.03.25 | 30.04.26 | Group CFO |
| AUD-008 | Mandatory Compliance Training — 18% Non-Completion Rate | People & Culture | Internal | MEDIUM | In Progress | 10.01.25 | 31.03.25 | CHRO / CCO |
| AUD-012 | Prudential Valuation Adjustment — Methodology Gap (FINMA) | Financials | Regulatory | MEDIUM | Open | 20.08.25 | 31.10.26 | CRO |
| AUD-015 | Cloud Concentration Exceeds Internal Limit (60%+) | Operations | Internal | MEDIUM | Open | 30.07.25 | 31.12.26 | Group CIO |
| AUD-005 | AML Alert Backlog — 340 Alerts >30 Days | Compliance | Internal | CRITICAL | Resolved | 10.12.24 | 30.04.25 | CCO |
| AUD-009 | Policy Document Version Control — 6 Policies Overdue | Compliance | Internal | MEDIUM | Resolved | 15.02.25 | 30.04.25 | Policy Team |
🗓️ Audit Planning — 2025 Programme  ·  10 Audits  ·  Annual cycle
Completed: 4  ·  In Progress: 3  ·  Planned: 3  ·  Testing Events: 10
IT Controls Audit Q4 2024  ·  Completed  ·  Done
Treasury Ops Audit Q3 2024  ·  Completed  ·  Done
BCP / DR Test Oct 2024  ·  Completed  ·  Done
AML Review Dec 2024  ·  Completed  ·  Done
Patch Mgmt Review Q1 2025  ·  In Progress 65%  ·  Active
Cloud Concentration Review  ·  In Progress 45%  ·  Active
DORA Compliance Audit  ·  In Progress 80%  ·  At Risk
Credit Risk Model Review Q3  ·  Q3 2025
Regulatory Capital Audit Q3  ·  Q3 2025
Annual Cyber Resilience Audit  ·  Q4 2025
✅ Remediation Progress Tracking  ·  Avg 52% complete
Open findings ranked by remediation progress  ·  Target: 100% by due date
Critical Findings
AUD-001  ·  IAM Orphaned Accounts  ·  70%
AUD-002  ·  Patch SLA Breach  ·  45%
AUD-010  ·  CS Litigation Exposure  ·  30%
AUD-013  ·  Core Banking Migration  ·  38%
AUD-014  ·  Legacy CVE Unpatched ⚠ OD  ·  15%
High Findings
AUD-003  ·  FX Reconciliation Breaks  ·  60%
AUD-004  ·  BCP DR RTO Breach  ·  75%
AUD-006  ·  FINMA ICT Governance Gaps  ·  55%
AUD-007  ·  Cloud Concentration 63%  ·  22%
AUD-011  ·  DTA Recoverability (PwC)  ·  40%
AUD-014 Overdue  ·  Escalation Required
47 legacy servers remain unpatched past 31 Dec 2025 deadline. Emergency patching programme initiated May 2025. CIA escalated to Group CISO and CRO.
🏛️ Regulatory Findings — DORA & FINMA  ·  8 Active

| ID | Finding | Regulation | Type | Status |
|---|---|---|---|---|
| rfind-dora-001 | ICT Asset Inventory — Cloud Assets Unclassified (35%) | DORA Art.8 | ICT Asset | In Progress |
| rfind-dora-002 | ICT Risk Framework Not Reviewed Post Major Incident | DORA Art.6 | Governance | Open |
| rfind-dora-003 | Major Incident Report Filed 96h (Limit: 72h) | DORA Art.19 | Reporting | In Progress |
| rfind-dora-004 | SQL Injection in Legacy Reporting Module | DORA Art.24 | Resilience | Open |
| rfind-dora-005 | TLS 1.0 Active on Legacy Middleware | DORA Art.9 | Security | In Progress |
🧪 Testing Events — DORA Resilience Programme  ·  10 Events  ·  2025

| Test | Type | Frequency | Regulation | Status |
|---|---|---|---|---|
| Vulnerability Assessment Q1 | VA | Quarterly | DORA Art.24 | Complete |
| Vulnerability Assessment Q2 | VA | Quarterly | DORA Art.24 | Complete |
| Vulnerability Assessment Q3 | VA | Quarterly | DORA Art.24 | Scheduled |
| Vulnerability Assessment Q4 | VA | Quarterly | DORA Art.24 | Scheduled |
| Network Security Assessment | NSA | Annual | DORA Art.24 | Complete |
| Penetration Test — External | Pen Test | Annual | DORA Art.26 | In Progress |
| TLPT — Threat-Led Pen Test | TLPT | 3-yearly | DORA Art.26 | Planned 2026 |