Best Practice Report

Compliance Optimization: Defining The Right Level Of Control

February 1st, 2007
MR
Michael Rasmussen
With contributor:
Laura Koetzle

Summary

In a scramble to be "compliant," firms have implemented controls with little thought to their impact on the business. In the rush to fill out checklists from regulators or auditors, compliance teams forget that control selection and management is a risk-based process. Thus, businesses end up either under-controlled — which leads to exposure to litigators and regulators — or over-controlled, which means overburdened business processes and ballooning costs. And compliance reporting and dashboards don't help; in fact, they can exacerbate the problem by giving your firm the false impression that the controls are working, when in reality they're preventing business from getting done. To avoid this disconnect, align control selection and management with risk management practices and your company's overall appetite for and tolerance of risk.

Want to read the full report?

Contact us to become a client

This report is available for individual purchase ($1495).

Forrester helps business and technology leaders use customer obsession to accelerate growth. That means empowering you to put the customer at the center of everything you do: your leadership strategy, and operations. Becoming a customer-obsessed organization requires change — it requires being bold. We give business and technology leaders the confidence to put bold into action, shaping and guiding how to navigate today's unprecedented change in order to succeed.