For Consultancies
Deliver bigger-firm workpapers without bigger-firm overhead.
CLIENT PORTFOLIO12 Active
CONTROL ARCHITECTURE PLATFORM
Turn process discovery into audit-ready control architecture.
unrisk.ing helps consultancies, internal risk teams, and large advisory groups convert stakeholder interviews, raw files, SOPs, and process maps into workflow logic, risk baselines, RACMs, and export-ready client deliverables.
sample client / payroll process / SOX-ready export
PRIMARY DEPLOYMENT VECTORS
For In-House Teams
Run discovery, controls, and evidence review without rebuilding the audit file every cycle.
OWNER MATRIXLiveSync
For Advisory Firms
Standardize engagement delivery without flattening client complexity.
FRAMEWORK SWITCHER
SOX 404ISO 27001UK P29
ENGAGEMENT ARCHITECTURE
Model clients, engagements, workflows, risks, controls, and evidence as one connected system.
Most teams collect discovery in one place, process maps in another, risks in a spreadsheet, and evidence in a folder. unrisk.ing keeps every object linked from first interview to final export.
DIRECTORY ENGINE
- /app/dashboardFirm or team overview
- /app/{client-id}/settingsClient profile and standards
- /app/{client-id}/{engagement-id}/kanbanEngagement control tower
- /app/{client-id}/{engagement-id}/{process-id}/inputsDiscovery inputs
- /app/{client-id}/{engagement-id}/{process-id}/risksRisk model
- /app/{client-id}/{engagement-id}/{process-id}/dagWorkflow DAG
- /app/{client-id}/{engagement-id}/{process-id}/racmRACM export
ENGAGEMENT KANBAN TOWER
DISCOVERY (4)
Payroll Onboarding82% Processed
CONTROL MAPPING (2)
Treasury SweepReview Needed
SIGN-OFF (1)
Fixed AssetsLocked
PHASE 01: INTAKE
The Discovery Engine
LIVE TRANSCRIPT EXTRACTIONRECORDING
INT:
“After HR approves a new joiner, which system creates the access request?”
STK:
“Workday creates the task. IT Security reviews joiner and leaver access daily.”
TAG: CONTROL_ACTIVITYTAG: DATA_INTEGRITY
EVIDENCE VAULT
↥Standard_Ops_Payroll_v4.pdfVerified
User_Access_Review_Q3.csvAnomaly Detected
Bank_Detail_Change.docxVerified
QUANTITATIVE FOUNDATION
Risk Priority Modeling
Likelihood, severity, exposure, owner, evidence strength, and control coverage stay tied to the process path they came from.
RPS = L x S
Calculated via Likelihood and Severity weighted by asset criticality.
| RISK | STEP | RPS | STATUS |
|---|---|---|---|
| Terminated user retains access | Access Revocation | 20 | Unmitigated |
| Duplicate vendor approved | Vendor Changes | 12 | Evidence Needed |
| Manual journal posted late | Journal Entry | 8 | Reviewed |
lock
sync
warning
CLIENT DELIVERABLE
Automated RACM Export
UK Provision 29SOX 404ISO 27001
| CONTROL ID | RISK ID | CONTROL ACTIVITY | TYPE | FREQ | OWNER | FRAMEWORK |
|---|---|---|---|---|---|---|
| FIN-01-A | R-42 | Controller reviews payroll register for variances >5% against prior month. | Manual/Detect | Monthly | HR Dir | UK-P29.1 |
| SEC-04-B | R-109 | Automated MFA enforcement on all administrator entry points. | Auto/Prevent | Realtime | SysAdmin | ISO:A.9.4.2 |
| CTRL-027 | RISK-011 | Monthly leaver access review with exception list sign-off. | Detective | Monthly | IT Controls | SOX 404 |
Multi-client delivery
Manage separated workspaces for complex client portfolios with one shared toolchain.
In-house ownership
Internal teams gain a persistent audit file that survives team rotations.
Advisory review
QA client workpapers with standardized scoring and evidence benchmarks.
Framework flexibility
Map controls once, export to SOX, ISO, SOC2, or client-specific provisions.