To help set up a strong, foundational platform that will produce desired results, A Roadmap to Control examines the different pieces of control that are necessary when mapping out a program and will help you set a course to a comprehensive compliance program to move from an overarching concept to a manageable system of controls.
I believe you’d be surprised at the number of organizations that do not have a fully structured approach to evaluating the effectiveness of their system of controls. Whether their approach is not formally defined and communicated, inconsistently applied and/or inefficiently managed and monitored, they are at risk of not fully understanding whether their controls are meeting their stated objectives or worse, being completely caught off guard by a critical control failure that could lead to much more serious issues. To that end, we offer the following considerations as you evaluate the effectiveness of your control testing program.
While the concept of reporting seems to be pretty straightforward, the term “report” can have a variety of meanings, so I’m always careful to validate my understanding so I don’t veer off in some unwanted direction. After all, reporting capabilities often represents the organization’s A-1 deal breaker requirement.
Organizations stand to benefit from building a standardized control library. Even the simplest data points you capture can become part of a very compelling story about how well (or poorly) your organization is meeting its objectives. And organizing this library in a systematic and structured way allows you to keep that critical knowledge at your fingertips and answer compelling questions at a moment’s notice.
In the world where auditors, compliance managers, risk managers and the rest operate, technology can help users in their quest to gather critical information that enables them to make better business decisions more efficiently. While I know there are certain aspects of these processes that can be automated using technology, I have yet to discover the technology that has the ability to replicate or replace the additional work that these professionals perform in the context of analyzing the outputs.