For Security & Risk Professionals

Primary Analyst Photo	Document Information	Rate this Document
	February 1, 2007 Compliance Optimization: Defining The Right Level Of Control by Michael Rasmussen with Laura Koetzle	Average: 10  (2 ratings)

This is an excerpt

Executive Summary

In a scramble to be "compliant," firms have implemented controls with little thought to their impact on the business. In the rush to fill out checklists from regulators or auditors, compliance teams forget that control selection and management is a risk-based process. Thus, businesses end up either under-controlled — which leads to exposure to litigators and regulators — or over-controlled, which means overburdened business processes and ballooning costs. And compliance reporting and dashboards don't help; in fact, they can exacerbate the problem by giving your firm the false impression that the controls are working, when in reality they're preventing business from getting done. To avoid this disconnect, align control selection and management with risk management practices and your company's overall appetite for and tolerance of risk.

This is an excerpt

Buy Risk-Free

Price: US $499

Our Service Guarantee: If you are not completely satisfied with this document, notify Forrester within 24 hours of purchase for a full refund.

Already a Forrester Client?
Log in to read this document.