CobiT definition:
Effective oversight of compliance requires the establishment of a review process to ensure compliance with laws, regulations and contractual requirements. This process includes identifying compliance requirements, optimising and evaluating the response, obtaining assurance that the requirements have been complied with and, finally, integrating IT’s compliance reporting with the rest of the business.
Control over the IT process of "Ensure compliance with external requirements", which satisfies the business requirement for IT of ensuring compliance with laws, regulations and contractual requirements, by focusing on identifying all applicable laws, regulations and contracts and the corresponding level of IT compliance, and on optimising IT processes to reduce the risk of non-compliance, is achieved by:
- Identifying legal, regulatory and contractual requirements related to IT
- Assessing the impact of compliance requirements
- Monitoring and reporting on compliance with these requirements
and is measured by:
- Cost of IT non-compliance, including settlements and fines
- Average time lag between identification of external compliance issues and resolution
- Frequency of compliance reviews
Control objectives:
ME3 Ensure Compliance With External Requirements
ME3.1 Identification of External Legal, Regulatory and Contractual Compliance Requirements
ME3.2 Optimisation of Response to External Requirements
ME3.3 Evaluation of Compliance With External Requirements
ME3.4 Positive Assurance of Compliance
ME3.5 Integrated Reporting
Check out the links for details on the control objectives.