ME3 Ensure Compliance With External Requirements

by Bill Oxley

CobiT definition:

Effective oversight of compliance requires the establishment of a review process to ensure compliance with laws, regulations and contractual requirements. This process includes identifying compliance requirements, optimising and evaluating the response, obtaining assurance that the requirements have been complied with and, finally, integrating IT’s compliance reporting with the rest of the business.

Control over the IT process of
Ensure compliance with external requirements

that satisfies the business requirement for IT of
ensuring compliance with laws, regulations and contractual requirements

by focusing on
identifying all applicable laws, regulations and contracts and the corresponding level of IT compliance and optimising IT processes to reduce the risk of non-compliance

is achieved by

  • Identifying legal, regulatory and contractual requirements related to IT
  • Assessing the impact of compliance requirements
  • Monitoring and reporting on compliance with these requirements

and is measured by

  • Cost of IT non-compliance, including settlements and fines
  • Average time lag between identification of external compliance issues and resolution
  • Frequency of compliance reviews

Control objectives:

ME3 Ensure Compliance With External Requirements

ME3.1 Identification of External Legal, Regulatory and Contractual Compliance Requirements
ME3.2 Optimisation of Response to External Requirements
ME3.3 Evaluation of Compliance With External Requirements
ME3.4 Positive Assurance of Compliance
ME3.5 Integrated Reporting

Check out the links for details on the control objectives.
