Cio icon

Take Control of Compliance Improvement to Conquer Every Audit

Don’t gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.

Get Instant Access
to this Blueprint

View Storyboard

Solution Set Storyboard Thumbnail


  • Heriot Prentice, Director of Technology Operations Review, Brown & Brown
  • Glen Notman, Associate Partner, Citihub
  • Tony Noblett, SVP CISO, Urban Lending Solutions
  • Carter Cameron-Huff, Consultant, Enterprise Risk Services, MNP LLP
  • Ashley Moore, Policy & Planning Program Director, Broadcasting Board of Governors
  • Most enterprises view compliance as a "must-do" expense rather than a "should-do," value-added activity.
  • IT is often left out of compliance discussions and is unaware of compliance requirements or non-compliance gaps.
  • Organizations generally wait to improve compliance until mandated changes are dictated following an adverse audit or assessment.

Our Advice

Critical Insight

  • Don’t gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.
  • Take an agile approach to analyze your gaps and prioritize your remediations. You don’t always have to be fully compliant as long as your organization understands and can live with the consequences.

Impact and Result

Approach compliance proactively and derive value from the process by managing your compliance initiatives using a constant cycle.

  • You need to initiate the drive to conform with regulations and improve compliance.
  • You need to consistently assess the regulatory and business landscape to determine your compliance gaps.
  • You need to improve compliance and remediate non-compliance in an effective, tactical manner.
  • You need to confirm and assure compliance through regular adherence checks.

Info-Tech’s framework presented in this blueprint is compliant with COBIT MEA03 – Monitor, Evaluate, and Assess Compliance with External Compliance.

Research & Tools

1. Launch the project

Make the case and launch the compliance project.

2. Perform a gap analysis

Identify compliance requirements and prioritize non-compliance gaps.

3. Remediate non-compliance gaps

Improve non-compliance and document management gaps.

4. Confirm compliance

Assure and confirm compliance through interviews and audits.

Guided Implementations

This guided implementation is a nine call advisory process.

Guided Implementation #1 - Launch

Call #1 - Make the case
Call #2 - Launch the project

Guided Implementation #2 - Gap Analysis

Call #1 - Identify regulatory requirements
Call #2 - Conduct gap analysis
Call #3 - Prioritize gaps

Guided Implementation #3 - Remediation

Call #1 - Develop remediations
Call #2 - Improve evidentiary document management

Guided Implementation #4 - Confirmation

Call #1 - Confirm compliance
Call #2 - Introduction to audit

Info-Tech Academy

Get Info-Tech Certified

Train your staff and develop a world-class IT team.

An active membership is required to access Info-Tech Academy

New to Info-Tech Academy? Learn more here

External Compliance

Don't gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.
This course makes up part of the Security & Risk Certificate.

Course information:

  • Title: External Compliance
  • Number of Course Modules: 5
  • Estimated Time to Complete: 2-2.5 hours
  • Featured Analysts:
  • David Yackness, Sr. Research Director, CIO Practice
  • James Alexander, SVP of Research and Advisory, CIO Practice
  • Now Playing: Academy: External Compliance | Executive Brief

Onsite Workshop

Unlock This Blueprint

Book Your Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Launch Proactive Compliance

The Purpose

  • Identify areas for compliance improvement.
  • Identify benefits of compliance management.
  • Identify: compliance priority, capability, budget, capacity requirements, and resource constraints.
  • Establish External Compliance Management Working Group and compliance goals.
  • Establish a starting point for compliance improvement. 

Key Benefits Achieved

  • Clearly defined pain points of compliance management.
  • Defined compliance improvement plan.
  • Defined compliance team, mandate, scope, and goals for compliance improvement. 




Define scope and mandate of compliance committee.

  • Defined project charter.

Define roles and responsibilities.

  • Defined roles and responsibilities.

Establish compliance goals.

  • Defined compliance goals.

Module 2: Assess Compliance

The Purpose

  • Identify relevant regulatory requirements.
  • Determine a change management process.
  • Determine compliance gaps within a limited workshop scope.
  • Prioritize compliance gaps based on risk likelihood and impact. 

Key Benefits Achieved

  • Defined regulatory requirements.
  • Determined change management process.
  • Identified compliance gaps.
  • Prioritized gaps.




Define regulatory requirements.

  • List of relevant regulations.

Define change management process.

  • Assigned change management owner.

Conduct a sneak audit and prioritize gaps.

  • List of prioritized compliance gaps (within limited workshop scope).

Module 3: Remediate Non-Compliance

The Purpose

  • Determine plausible remediation plans for high priority gaps.

Key Benefits Achieved

  • Planned remediation measures.




Determine remediation plans.

  • List of remediation plans.

Module 4: Confirm Compliance

The Purpose

  • Confirm and assure compliance.

Key Benefits Achieved

  • Identify recurring compliance gaps.
  • Confirm adherence to remediation.
  • Assure compliance.  




Conduct stakeholder interviews.

  • List of recurring gaps.

Conduct sneak audit.

  • List of root causes.

Conduct external/internal formal audit.

  • Official findings.

Member Testimonials

Unlock Sample Research

After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.




$ Saved

Days Saved

Government of Cayman Islands

Guided Implementation




ISG Central Services Ltd.

Guided Implementation




TriServe Tech

Guided Implementation




Visit our COVID-19 Resource Center and our Cost Management Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019