Reporting on the effectiveness of controls
Reporting on GRC (governance, risk and compliance) matters is now simply a part of running an organization. The more accurate and up-to-date these reports, the more useful they are. However, the effectiveness of control is open to interpretation, and that interpretation can change depending on who the report is for and how much detail is required. In our roundtable discussions, it was made clear that much of this challenge comes down to metrics, and only using metrics that are accurate and meaningful in a given context. For instance, a control owner will need to see a lot more detail than a senior manager, who might only be looking for a top-line summary. With the introduction of automation, feeds can be taken from different controls to ensure that compliance is continuously monitored, making reporting even more useful.
Other challenges were also discussed as part of the roundtable discussions, such as how to align corporate risk with compliance, what to do when regulations change, and how to create a culture of compliance throughout an organization. The discussions also touched on best practice when it comes to managing third-party compliance. None of these challenges will come as news to businesses trying to get on top of their compliance objectives, but it is rare to have so many IT and compliance professionals in one space discussing actionable, real-world solutions in context.
This series of roundtable events was moderated by Rela8 Group’s Technology Leaders Club and, as well as our own Product Senior Director Matthew Davies, featured CISOs, VPs, cybersecurity heads and senior compliance managers from across the business landscape.