
Take Control of Compliance Improvement to Conquer Every Audit

Take Control of Compliance Improvement to Conquer Every Audit. Don’t gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor. Compliance improvement and optimization is generally initiated in response to new or changed compliance requirements, a mandate from the business, or an impending audit. This reactive approach to compliance improvement is not only disruptive to business and IT operations, but is also less effective than a proactive program.

A reactive approach to compliance puts your organization at risk of:

Punitive Fines: If your organization is being audited by a legal regulator, non-compliance can result in fines. Severe non-compliance can cost millions of dollars.

Punitive Injunctions: Take credit card payments? Not anymore. Failing to comply with PCI can result in the revocation of credit card processing capability, costing your organization millions of dollars in lost revenue.

Poor Perception of IT: Unless non-compliance has been previously disclosed to the business, IT (and often the CIO) will be deemed responsible for failure to comply. People lose their jobs over this.

Exposure to Personal Liability: A system breach will leave you vulnerable to loss of goodwill, civil negligence litigation, or even criminal suits that could result in jail time.

Mandated Changes: Changes driven by an adverse audit opinion often cannot be deferred. Mandated process changes and IT system enhancements can be disruptive to your daily operations and expensive.

More than 88% of organizations with revenues exceeding $100 million conduct an annual IT audit and 68% of organizations with revenues less than $100 million conduct an annual IT audit. Source: From Cybersecurity to IT Governance – Preparing Your 2014 Audit Plan; Protiviti’s Third Annual Audit Benchmark Survey.

66% of IT security executives stated audit, compliance, and enforcement activities are increasing; 63% say new privacy and data protection regulatory requirements are affecting their organizations. Source: Ponemon Institute, Future State of IT Security, February 2012 – RSA Conference.

The average cost of compliance is $3,259,570; the average cost of non-compliance is $9,368,351. Source: The true cost of compliance, Ponemon Institute and Tripwire, July 2011.

93% of business leaders believe executive management, such as the CIO, should be involved in the IT audit risk assessment process. Source: From Cybersecurity to IT Governance – Preparing Your 2014 Audit Plan; Protiviti’s Third Annual Audit Benchmark Survey.

Over 30% of compliance executives do not measure the effectiveness of their compliance programs. Source: In Focus Compliance Trends Survey 2013, Deloitte and Compliance Week.

88% of global financial executives find managing regulatory change challenging for their business. Source: Robert Half Financial Services Global Report: Navigating Change in an Evolving Regulatory Landscape, 2013.

Most respondents of an AIIM records survey feel that audit costs, legal costs, court costs, fines, and damages could be reduced by 25% with best-practice records management. Source: Records Management Strategies – Plotting the Changes, AIIM 2011.

79% of executives surveyed plan to increase the number of non-financial audits they conduct to ensure that emerging threats (i.e., cyber-security) are being addressed. Source: 2014 Risk in Review: Re-evaluating how your company addresses risk, PWC.

26% of financial executives said managing external auditors was the most challenging aspect of managing regulatory change. Source: Robert Half Financial Services Global Report: Navigating Change in an Evolving Regulatory Landscape, 2013.


http://www.infotech.com/research/ss/take-control-of-compliance-improvement-to-conquer-every-audit