The company performs security audits (such as vulnerability assessment, security assessment etc.) on an annual basis. After the audit is performed, the company makes note of the findings based on the gaps identified by the auditors. To better understand the risk implication of findings, the company uses a method to generate a risk score and risk rating for each of the audit findings. The risk scores and risk ratings are calculated based on pre-defined parameters.
By having a risk matrix heatmap report on their dashboard, it helps the company visualize the risk posture of audited entities in real-time and act when necessary.