AuditBoard is a cloud-based audit management software solution from the company of the same name in Cerritos.
N/A
ThreatConnect Risk Quantifier™ (RQ)
Score 7.3 out of 10
N/A
Risk Quantifier (RQ) translates cyber risk into clear financial terms, allowing security leaders to prioritize defenses and communicate impact in the language of business. By mapping MITRE ATT&CK techniques and vulnerabilities to financial loss scenarios, RQ enables cost-justified security decisions. Together with TI Ops and Polarity, RQ ensures that operational efforts align to risk-based priorities — bridging the gap between threat activity and executive decision-making.
Auditboard is especially useful for SOX control testing. It is very convenient having all our information on a single platform. It is easy to communicate PBC requests to clients, store control testing working papers for review, communicate deficiencies and build dashboards to provide visual statistics. Situations where it might not be useful are for organizations that are smaller in size where the templates don't fit well with their internal audit/controls program. There is a significant amount of testing required before using the platform, and adapting working papers to fit in well with AuditBoard
Well-Suited Scenarios: Reporting to management where financial risk metrics are required. - Vulnerability prioritization when you need to rank issues by real exploit risk and financial/business impact. Less-Appropriate Scenarios: Fast-changing cloud environments where asset data needs updates too frequently for accurate models required all the time. - Incident investigation, as ThreatConnect Risk Quantifier™ (RQ) is not designed for real-time check
We used to perform our Risk Control Analysis (RCA) for each audit's planning in an Excel spreadsheet. Once we purchased the Risk Oversight module, AuditBoard helped us convert the RCA to a system function rather than a spreadsheet. At first, we lost some of the functionality the spreadsheet provided, but AuditBoard did continue to help us build and work towards a solution more similar to what we previously had. Though happy with it, it's still not perfect. As one example, I'd like to be able to link actual Ops Audit work steps that cover the risk and controls being outlined in the RCA, rather than just adding a comment to state which steps cover them. More of a preference, I suppose.
I also had demoed their beta Resources and Scheduling module, but it didn't have enough functionality at the time to work for how we put the quarterly Internal Audit schedule together (using Excel). One thing I recall was that you couldn't pull in SOX controls or non-chargeable work (such as education or administration) to auditor's schedules; it was meant to schedule the Ops Audits only. It is possible they have already fixed or improved this; I just haven't seen the updated version.
Dashboards can be customized to offer more options, especially for technical teams that require deeper drill-downs and also more simpler and user-friendly.
Processing large data files can be slow sometimes, especially during large builds or bulk updates.
Risk modules sometimes need manual intervention for multi-client environments, which can be time-consuming.
I rate ThreatConnect Risk Quantifier™ (RQ) an 8 because it’s generally easy to use once the integrations are set up. The dashboards, risk scores, and financial impact metrics are very straightforward and help make quick decisions for executives. However, the initial configuration and model tuning can be a bit complex it's not a perfect 10 for me.
I remember there were a lot of sync issues when I used the internally developed software, but that's probably because a few people were working on the same project at the same time. I have not come across this issue in AuditBoard
ThreatConnect Risk Quantifier™ (RQ) stacked up better than RiskLens, better for our organization, is mainly because it integrates directly with our scanners, SIEM, and CMDB, allowing automatic, real-time risk monitoring. It also combines exploit intel, asset value, and vulnerability data more efficiently, giving us clearer technical priorities for the business impact. We chose ThreatConnect Risk Quantifier™ (RQ) because it provides faster, more actionable risk scoring with less manual modeling than RiskLens.
Hard to quantify. It was cheaper than the tool we had and we were able to get rid of standalone tool for surveys. overall, just better user experience for all.
