Take Control of Compliance Improvement to Conquer Every Audit
Don’t gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.
This content requires an active subscription.
Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.
Your Challenge
- Most enterprises view compliance as a "must-do" expense rather than a "should-do," value-added activity.
- IT is often left out of compliance discussions and is unaware of compliance requirements or non-compliance gaps.
- Organizations generally wait to improve compliance until mandated changes are dictated following an adverse audit or assessment.
Our Advice
Critical Insight
- Don’t gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.
- Take an agile approach to analyze your gaps and prioritize your remediations. You don’t always have to be fully compliant as long as your organization understands and can live with the consequences.
Impact and Result
Approach compliance proactively and derive value from the process by managing your compliance initiatives using a constant cycle.
- You need to initiate the drive to conform with regulations and improve compliance.
- You need to consistently assess the regulatory and business landscape to determine your compliance gaps.
- You need to improve compliance and remediate non-compliance in an effective, tactical manner.
- You need to confirm and assure compliance through regular adherence checks.
Info-Tech’s framework presented in this blueprint is compliant with COBIT MEA03 – Monitor, Evaluate, and Assess Compliance with External Compliance.
Contributors
- Heriot Prentice, Director of Technology Operations Review, Brown & Brown
- Glen Notman, Associate Partner, Citihub
- Tony Noblett, SVP CISO, Urban Lending Solutions
- Carter Cameron-Huff, Consultant, Enterprise Risk Services, MNP LLP
- Ashley Moore, Policy & Planning Program Director, Broadcasting Board of Governors
Want to Participate in Our Research?
- Analyst Interviews: Share your best practices, opinions, tools or templates with your peers.
- Webinars: Interactive session to keep us focused on topics you want to tackle.
- Upcoming Workshops: Accelerate your project with an onsite, expert analyst to facilitate a workshop for you. Contact us for more details.
Get the Complete Storyboard
See how all the steps you need to take come together, with tools and advice to help with each task on your list.
Download NowGet to Action
-
Launch the project
Make the case and launch the compliance project.
-
Perform a gap analysis
Identify compliance requirements and prioritize non-compliance gaps.
-
Remediate non-compliance gaps
Improve non-compliance and document management gaps.
-
Confirm compliance
Assure and confirm compliance through interviews and audits.
Guided Implementation
This guided implementation is a nine call advisory process.
-
Call #1: Make the case
-
Call #2: Launch the project
-
Call #1: Identify regulatory requirements
-
Call #2: Conduct gap analysis
-
Call #3: Prioritize gaps
-
Call #1: Develop remediations
-
Call #2: Improve evidentiary document management
-
Call #1: Confirm compliance
-
Call #2: Introduction to audit
Guided Implementation #1 - Launch
Guided Implementation #2 - Gap Analysis
Guided Implementation #3 - Remediation
Guided Implementation #4 - Confirmation
Onsite Workshop
Module 1: Launch Proactive Compliance
The Purpose
- Identify areas for compliance improvement.
- Identify benefits of compliance management.
- Identify: compliance priority, capability, budget, capacity requirements, and resource constraints.
- Establish External Compliance Management Working Group and compliance goals.
- Establish a starting point for compliance improvement.
Key Benefits Achieved
- Clearly defined pain points of compliance management.
- Defined compliance improvement plan.
- Defined compliance team, mandate, scope, and goals for compliance improvement.
| Activities: | Outputs: | |
|---|---|---|
| 1.1 | Define scope and mandate of compliance committee. |
|
| 1.2 | Define roles and responsibilities. |
|
| 1.3 | Establish compliance goals. |
|
Module 2: Assess Compliance
The Purpose
- Identify relevant regulatory requirements.
- Determine a change management process.
- Determine compliance gaps within a limited workshop scope.
- Prioritize compliance gaps based on risk likelihood and impact.
Key Benefits Achieved
- Defined regulatory requirements.
- Determined change management process.
- Identified compliance gaps.
- Prioritized gaps.
| Activities: | Outputs: | |
|---|---|---|
| 2.1 | Define regulatory requirements. |
|
| 2.2 | Define change management process. |
|
| 2.3 | Conduct a sneak audit and prioritize gaps. |
|
Module 3: Remediate Non-Compliance
The Purpose
- Determine plausible remediation plans for high priority gaps.
Key Benefits Achieved
- Planned remediation measures.
| Activities: | Outputs: | |
|---|---|---|
| 3.1 | Determine remediation plans. |
|
Module 4: Confirm Compliance
The Purpose
- Confirm and assure compliance.
Key Benefits Achieved
- Identify recurring compliance gaps.
- Confirm adherence to remediation.
- Assure compliance.
| Activities: | Outputs: | |
|---|---|---|
| 4.1 | Conduct stakeholder interviews. |
|
| 4.2 | Conduct sneak audit. |
|
| 4.3 | Conduct external/internal formal audit. |
|
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Book Now
Search Code: 77206
Published: March 25, 2015
Last Revised: March 25, 2015
