9.4. A Regulatory Model

In Chapter 3, we explored the policy life cycle and showed how it can be used to create a continuous process of risk and compliance management across the organization. We noted that internal policy requirements are generally determined by a combination of corporate business objectives, regulatory requirements, and enterprise risks. Policies are then created to meet these requirements, and controls are implemented to ensure compliance with the policies. In general, as controls are tested, failure rates are measured; remediation may become necessary when these rates fall outside the acceptable tolerance levels. As controls exhibit errors, the associated risks should be modified so that the current risk profile ...

From Get Under Control: Governance Across the Enterprise (O’Reilly).