Free Assessment: 177 Risk and Compliance Management Things You Should Know

What is involved in Compliance Management

Find out what the related areas are that Compliance Management connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This unique checklist stands out in a sense that it is not per-se designed to give answers, but to engage the reader and lay out a Compliance Management thinking-frame.

How far is your company on its Risk and Compliance Management journey?

Take this short survey to gauge your organization’s progress toward Risk and Compliance Management leadership. Learn your strongest and weakest areas, and what you can do now to create a strategy that delivers results.

To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.

Start the Checklist

Below you will find a quick checklist designed to help you think about which Compliance Management related domains to cover and 177 essential critical questions to check off in that domain.

The following domains are covered:

Compliance Management, Governance, risk management, and compliance, Chief compliance officer, Chief governance officer, Climate governance, Clinical governance, Collaborative governance, Conformity assessment, Corporate governance, Cultural governance, Data governance, Earth system governance, Ecclesiastical polity, Enterprise risk management, Environmental, social and corporate governance, Environmental governance, Global governance, Good governance, Governance in higher education, ISO 19600, Information Technology, Information governance, Information system, Local governance, Market governance mechanism, Multistakeholder governance model, Network governance, Ocean governance, Open-source governance, Political party governance, Private governance, Project governance, Records management, Regulatory compliance, Risk appetite, Risk management, SOA governance, Security sector governance and reform, Simulation Governance, Soil governance, Sustainable Governance Indicators, Technology governance, Transnational governance, Website governance, World Governance Index:

Compliance Management Critical Criteria:

Focus on Compliance Management governance and define what do we need to start doing with Compliance Management.

– In what ways are Compliance Management vendors and us interacting to ensure safe and effective use?

– Do Compliance Management rules make a reasonable demand on a users capabilities?

– How do we maintain Compliance Managements Integrity?

Governance, risk management, and compliance Critical Criteria:

Judge Governance, risk management, and compliance results and report on the economics of relationships managing Governance, risk management, and compliance and constraints.

– Marketing budgets are tighter, consumers are more skeptical, and social media has changed forever the way we talk about Compliance Management. How do we gain traction?

– Who will be responsible for making the decisions to include or exclude requested changes once Compliance Management is underway?

– How do we Lead with Compliance Management in Mind?

Chief compliance officer Critical Criteria:

Own Chief compliance officer leadership and differentiate in coordinating Chief compliance officer.

– Which Compliance Management goals are the most important?

– Why should we adopt a Compliance Management framework?

Chief governance officer Critical Criteria:

Deduce Chief governance officer visions and secure Chief governance officer creativity.

– What are your results for key measures or indicators of the accomplishment of your Compliance Management strategy and action plans, including building and strengthening core competencies?

– What are the business goals Compliance Management is aiming to achieve?

– What are specific Compliance Management Rules to follow?

Climate governance Critical Criteria:

Pilot Climate governance management and sort Climate governance activities.

– Can Management personnel recognize the monetary benefit of Compliance Management?

Clinical governance Critical Criteria:

Group Clinical governance decisions and create Clinical governance explanations for all managers.

– Where do ideas that reach policy makers and planners as proposals for Compliance Management strengthening and reform actually originate?

– What is the total cost related to deploying Compliance Management, including any consulting or professional services?

– What is the purpose of Compliance Management in relation to the mission?

Collaborative governance Critical Criteria:

Look at Collaborative governance projects and create Collaborative governance explanations for all managers.

– Think about the functions involved in your Compliance Management project. what processes flow from these functions?

– Is there a Compliance Management Communication plan covering who needs to get what information when?

– How will you know that the Compliance Management project has been successful?

Conformity assessment Critical Criteria:

Have a session on Conformity assessment management and define Conformity assessment competency-based leadership.

– What are our best practices for minimizing Compliance Management project risk, while demonstrating incremental value and quick wins throughout the Compliance Management project lifecycle?

– What role(s) do or should national/international standards and organizations that develop national/international standards play in critical infrastructure Cybersecurity conformity assessment?

– Does our organization need more Compliance Management education?

– Why is Compliance Management important for you now?

Corporate governance Critical Criteria:

Powwow over Corporate governance projects and question.

– How do we go about Securing Compliance Management?

Cultural governance Critical Criteria:

Learn from Cultural governance goals and describe the risks of Cultural governance sustainability.

– Do we aggressively reward and promote the people who have the biggest impact on creating excellent Compliance Management services/products?

– Can we do Compliance Management without complex (expensive) analysis?

– How do we keep improving Compliance Management?

Data governance Critical Criteria:

Guide Data governance failures and budget for Data governance challenges.

– When sharing data, are appropriate procedures, such as sharing agreements, put in place to ensure that any Personally identifiable information remains strictly confidential and protected from unauthorized disclosure?

– How does your organization assess staff training needs and ensure job/role specific information governance training is provided to all staff?

– How to determine what is yo be included in an inventory and how, when, how often, and by whom it should be updated?

– Establish benchmarks and baselines to help track Data Quality -is it deteriorating or remaining constant?

– How will decisions regarding these key enterprise data processes be made and monitored?

– Enterprise architecture planning. how does it align with to the to be architecture?

– Backup considerations how often. how does it get refreshed when there is a crash?

– What is your data governance organization s approach to consistent communication?

– Can it be used to validate data or does it need validation performed on it?

– Are there opportunities from making this available to a broader audience?

– Document distribution how does taxonomy shape match that of content?

– Can the data element be clearly and commonly defined?

– How do you decide which goals you should pursue?

– How does it get refreshed when there is a crash?

– Do you have a role in data governance?

– Security. should it be encrypted?

– Is there a data dictionary?

– Existing data connections?

– How do they help search?

– Other data stewards?

Earth system governance Critical Criteria:

Track Earth system governance planning and budget for Earth system governance challenges.

– How do you determine the key elements that affect Compliance Management workforce satisfaction? how are these elements determined for different workforce groups and segments?

– What tools and technologies are needed for a custom Compliance Management project?

Ecclesiastical polity Critical Criteria:

Rank Ecclesiastical polity adoptions and stake your claim.

– Do those selected for the Compliance Management team have a good general understanding of what Compliance Management is all about?

– Does Compliance Management appropriately measure and monitor risk?

Enterprise risk management Critical Criteria:

Collaborate on Enterprise risk management results and frame using storytelling to create more compelling Enterprise risk management projects.

– Has management conducted a comprehensive evaluation of the entirety of enterprise Risk Management at least once every three years or sooner if a major strategy or management change occurs, a program is added or deleted, changes in economic or political conditions exist, or changes in operations or methods of processing information have occurred?

– Does the information infrastructure convert raw data into more meaningful, relevant information to create knowledgeable and wise decisions that assists personnel in carrying out their enterprise Risk Management and other responsibilities?

– Has management considered from external parties (e.g., customers, vendors and others doing business with the entity, external auditors, and regulators) important information on the functioning of an entitys enterprise Risk Management?

– Are findings of enterprise Risk Management deficiencies reported to the individual responsible for the function or activity involved, as well as to at least one level of management above that person?

– Do regular face-to-face meetings occur with risk champions or other employees from a range of functions and entity units with responsibility for aspects of enterprise Risk Management?

– Is a technical solution for data loss prevention -i.e., systems designed to automatically monitor for data leakage -considered essential to enterprise risk management?

– Has management taken appropriate corrective actions related to reports from external sources for their implications for enterprise Risk Management?

– What tools do you use once you have decided on a Compliance Management strategy and more importantly how do you choose?

– Has management taken an occasional fresh look at focusing directly on enterprise Risk Management effectiveness?

– To what extent is Cybersecurity risk incorporated into organizations overarching enterprise Risk Management?

– To what extent is Cybersecurity risk incorporated into organizations overarching enterprise Risk Management?

– To what extent is Cybersecurity Risk Management integrated into enterprise risk management?

– Do policy and procedure manuals address managements enterprise Risk Management philosophy?

– How is the enterprise Risk Management model used to assess and respond to risk?

– Do you monitor the effectiveness of your Compliance Management activities?

– When you need advice about enterprise Risk Management, whom do you call?

– Will Compliance Management deliverables need to be tested and, if so, by whom?

– What is our enterprise Risk Management strategy?

Environmental, social and corporate governance Critical Criteria:

Guard Environmental, social and corporate governance goals and give examples utilizing a core of simple Environmental, social and corporate governance skills.

– Does Compliance Management systematically track and analyze outcomes for accountability and quality improvement?

– What knowledge, skills and characteristics mark a good Compliance Management project manager?

Environmental governance Critical Criteria:

Prioritize Environmental governance strategies and get the big picture.

– How do we make it meaningful in connecting Compliance Management with what users do day-to-day?

– Do we have past Compliance Management Successes?

Global governance Critical Criteria:

Frame Global governance engagements and innovate what needs to be done with Global governance.

– Will Compliance Management have an impact on current business continuity, disaster recovery processes and/or infrastructure?

– Think of your Compliance Management project. what are the main functions?

Good governance Critical Criteria:

Value Good governance strategies and devise Good governance key steps.

– what is the best design framework for Compliance Management organization now that, in a post industrial-age if the top-down, command and control model is no longer relevant?

– What are our Compliance Management Processes?

Governance in higher education Critical Criteria:

Define Governance in higher education visions and budget for Governance in higher education challenges.

– Consider your own Compliance Management project. what types of organizational problems do you think might be causing or affecting your problem, based on the work done so far?

ISO 19600 Critical Criteria:

Incorporate ISO 19600 tasks and inform on and uncover unspoken needs and breakthrough ISO 19600 results.

– Why are Compliance Management skills important?

Information Technology Critical Criteria:

Add value to Information Technology results and research ways can we become the Information Technology company that would put us out of business.

– Do the response plans address damage assessment, site restoration, payroll, Human Resources, information technology, and administrative support?

– Does your company have defined information technology risk performance metrics that are monitored and reported to management on a regular basis?

– If a survey was done with asking organizations; Is there a line between your information technology department and your information security department?

– How does new information technology come to be applied and diffused among firms?

– How does the organization define, manage, and improve its Compliance Management processes?

– The difference between data/information and information technology (it)?

– When do you ask for help from Information Technology (IT)?

– How would one define Compliance Management leadership?

– Is a Compliance Management Team Work effort in place?

Information governance Critical Criteria:

Frame Information governance results and get out your magnifying glass.

– How is the chief executive or equivalent management board consulted and/or informed of information governance issues?

– What governance arrangements do you have in place to support the current and evolving information governance agenda?

– What is the organizations most effective method of training for information governance knowledge and skills?

– In relation to information governance, what are the key challenges or changes facing your organization?

– What is the organizations preferred method of training for information governance knowledge and skills?

– Meeting the challenge: are missed Compliance Management opportunities costing us money?

– Who will provide the final approval of Compliance Management deliverables?

– How much does Compliance Management help?

Information system Critical Criteria:

Reorganize Information system quality and reinforce and communicate particularly sensitive Information system decisions.

– Have we developed a continuous monitoring strategy for the information systems (including monitoring of security control effectiveness for system-specific, hybrid, and common controls) that reflects the organizational Risk Management strategy and organizational commitment to protecting critical missions and business functions?

– On what terms should a manager of information systems evolution and maintenance provide service and support to the customers of information systems evolution and maintenance?

– Has your organization conducted a cyber risk or vulnerability assessment of its information systems, control systems, and other networked systems?

– Would an information systems (is) group with more knowledge about a data production process produce better quality data for data consumers?

– Are information systems and the services of information systems things of value that have suppliers and customers?

– What does the customer get from the information systems performance, and on what does that depend, and when?

– What other jobs or tasks affect the performance of the steps in the Compliance Management process?

– What are the principal business applications (i.e. information systems available from staff PC desktops)?

– What are information systems, and who are the stakeholders in the information systems game?

– What is the source of the strategies for Compliance Management strengthening and reform?

– How secure -well protected against potential risks is the information system ?

– Is unauthorized access to information held in information systems prevented?

– What does integrity ensure in an information system?

– Is authorized user access to information systems ensured?

– How are our information systems developed ?

– Is security an integral part of information systems?

Local governance Critical Criteria:

Focus on Local governance decisions and sort Local governance activities.

– Does Compliance Management analysis show the relationships among important Compliance Management factors?

– Is Compliance Management dependent on the successful delivery of a current project?

Market governance mechanism Critical Criteria:

Accumulate Market governance mechanism tactics and oversee implementation of Market governance mechanism.

– Is maximizing Compliance Management protection the same as minimizing Compliance Management loss?

– How important is Compliance Management to the user organizations mission?

– Are there Compliance Management Models?

Multistakeholder governance model Critical Criteria:

Model after Multistakeholder governance model risks and sort Multistakeholder governance model activities.

– Are accountability and ownership for Compliance Management clearly defined?

– How do we manage Compliance Management Knowledge Management (KM)?

– Are we Assessing Compliance Management and Risk?

Network governance Critical Criteria:

Powwow over Network governance planning and remodel and develop an effective Network governance strategy.

– How can you negotiate Compliance Management successfully with a stubborn boss, an irate client, or a deceitful coworker?

– What prevents me from making the changes I know will make me a more effective Compliance Management leader?

– What business benefits will Compliance Management goals deliver if achieved?

Ocean governance Critical Criteria:

Experiment with Ocean governance projects and report on the economics of relationships managing Ocean governance and constraints.

– How do we go about Comparing Compliance Management approaches/solutions?

Open-source governance Critical Criteria:

Steer Open-source governance tactics and finalize specific methods for Open-source governance acceptance.

– Who is the main stakeholder, with ultimate responsibility for driving Compliance Management forward?

– What are current Compliance Management Paradigms?

Political party governance Critical Criteria:

Sort Political party governance strategies and acquire concise Political party governance education.

Private governance Critical Criteria:

Refer to Private governance engagements and inform on and uncover unspoken needs and breakthrough Private governance results.

– To what extent does management recognize Compliance Management as a tool to increase the results?

Project governance Critical Criteria:

Shape Project governance visions and innovate what needs to be done with Project governance.

– How do senior leaders actions reflect a commitment to the organizations Compliance Management values?

Records management Critical Criteria:

Accumulate Records management risks and shift your focus.

– What management system can we use to leverage the Compliance Management experience, ideas, and concerns of the people closest to the work to be done?

– Have records center personnel received training on the records management aspects of the Quality Assurance program?

– How to deal with Compliance Management Changes?

Regulatory compliance Critical Criteria:

Dissect Regulatory compliance failures and gather Regulatory compliance models .

– Does Compliance Management include applications and information with regulatory compliance significance (or other contractual conditions that must be formally complied with) in a new or unique manner for which no approved security requirements, templates or design models exist?

– In the case of public clouds, will the hosting service provider meet their regulatory compliance requirements?

– Regulatory compliance: Is the cloud vendor willing to undergo external audits and/or security certifications?

– What role does communication play in the success or failure of a Compliance Management project?

– What are the record-keeping requirements of Compliance Management activities?

– Do we all define Compliance Management in the same way?

– What is Regulatory Compliance ?

Risk appetite Critical Criteria:

Merge Risk appetite issues and report on developing an effective Risk appetite strategy.

– Record-keeping requirements flow from the records needed as inputs, outputs, controls and for transformation of a Compliance Management process. ask yourself: are the records needed as inputs to the Compliance Management process available?

– How do we revise the risk appetite statement so that we can link it to risk culture, roll it out effectively to the business units and bring it to life for them. How do we make it meaningful in connecting it with what they do day-to-day?

– Is there a clearly defined IT risk appetite that has been successfully implemented?

– Risk appetite: at what point does the risk become unacceptable?

– Are there recognized Compliance Management problems?

Risk management Critical Criteria:

Check Risk management engagements and look at it backwards.

– What collaborative organizations or efforts has your company interacted with or become involved with to improve its Cybersecurity posture (such as NESCO, NESCOR, Fusion centers, Infragard, US-CERT, ICS-CERT, E-ISAC, SANS, HSIN, the Cross-Sector Cyber Security Working Group of the National Sector Partnership, etc.)?

– Will our actions, process, program or procedure result in the loss of revenue, workforce downtime, litigation, or increased resource expenditure?

– What programs/projects/departments/groups have some or all responsibility for business continuity/Risk Management/organizational resilience?

– Is there a repeatable reporting process in place across the entities, so results are centrally coordinated, organized, and managed?

– Which is the financial loss that the organization will experience as a result of a security incident due to the residual risk ?

– Market risk -Will the new service or product be useful to the organization or marketable to others?

– Are individuals specifically assigned Cybersecurity responsibility?

– Is our Cybersecurity strategy aligned with our business objectives?

– How often does the management team discuss Cybersecurity?

– what is our biggest challenge to stress testing?

– What scope do you want your strategy to cover?

– What can be done to reduce or eliminate risks?

– What is your process/plan for managing risk?

– Why is Risk Management needed?

– Do we need more contingency?

SOA governance Critical Criteria:

Win new insights about SOA governance engagements and innovate what needs to be done with SOA governance.

– What is our formula for success in Compliance Management ?

– What threat is Compliance Management addressing?

Security sector governance and reform Critical Criteria:

Debate over Security sector governance and reform projects and assess what counts with Security sector governance and reform that we are not counting.

Simulation Governance Critical Criteria:

Demonstrate Simulation Governance engagements and find out.

– Can we add value to the current Compliance Management decision-making process (largely qualitative) by incorporating uncertainty modeling (more quantitative)?

– In a project to restructure Compliance Management outcomes, which stakeholders would you involve?

Soil governance Critical Criteria:

Steer Soil governance issues and visualize why should people listen to you regarding Soil governance.

Sustainable Governance Indicators Critical Criteria:

Accelerate Sustainable Governance Indicators planning and prioritize challenges of Sustainable Governance Indicators.

– How do we measure improved Compliance Management service perception, and satisfaction?

Technology governance Critical Criteria:

Have a session on Technology governance issues and handle a jump-start course to Technology governance.

– For your Compliance Management project, identify and describe the business environment. is there more than one layer to the business environment?

Transnational governance Critical Criteria:

Meet over Transnational governance projects and oversee implementation of Transnational governance.

– What are your current levels and trends in key measures or indicators of Compliance Management product and process performance that are important to and directly serve your customers? how do these results compare with the performance of your competitors and other organizations with similar offerings?

Website governance Critical Criteria:

Coach on Website governance tasks and get going.

– Think about the people you identified for your Compliance Management project and the project responsibilities you would assign to them. what kind of training do you think they would need to perform these responsibilities effectively?

– Does the Compliance Management task fit the clients priorities?

World Governance Index Critical Criteria:

Check World Governance Index outcomes and modify and define the unique characteristics of interactive World Governance Index projects.

– Who needs to know about Compliance Management ?

– Is Compliance Management Required?


This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the Risk and Compliance Management Self Assessment:

Author: Gerard Blokdijk

CEO at The Art of Service |

Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.

External links:

To address the criteria in this checklist, these selected resources are provided for sources of further research and information:

Compliance Management External links:

About Us | Compliance Management International

PASS UST Operator Training & Compliance Management

Ascendant Compliance | Ascendant Compliance Management …

Governance, risk management, and compliance External links:

Career Path – Governance, Risk Management, and Compliance …

Chief compliance officer External links:

Chief Compliance Officer Support –

General Counsel & Chief Compliance Officer Daniel Follis, Jr.

Chief governance officer External links:

Chief Governance Officer, OSGE | Devex

Clinical governance External links:

Clinical Governance Essays –

[PPT]Clinical Governance – University of Pittsburgh

Collaborative governance External links:

Welcome to Collaborative Governance

Collaborative Governance: The Case of WNC EdNET « …

Conformity assessment External links:

AB-CAB – Accreditation Board for Conformity Assessment …

Corporate governance External links:

Briefing: Governance | Davis Polk | Corporate Governance

The Harvard Law School Forum on Corporate Governance …

Corporate Governance – Chicago United

Data governance External links:

Dataguise | Sensitive Data Governance

[PDF]Data Governance Overview – Oklahoma – Welcome to …

Data Governance Analyst Jobs, Employment |

Earth system governance External links:

Earth System Governance | The MIT Press

Earth System Governance | The MIT Press

Earth System Governance Project – Home | Facebook

Enterprise risk management External links:

[PDF]Guide to Enterprise Risk Management – Office of The …

ERM Software | Enterprise Risk Management & GRC …

Enterprise Risk Management Compliance and …

Environmental, social and corporate governance External links:

Environmental, social and corporate governance – …,_social_and_corporate_governance

Environmental governance External links:

Environmental governance | UN Environment

Global governance External links:

Global Governance Watch©

Global Governance Monitor –

Global Governance Software

Good governance External links:

Promoting good governance – Walmart Corporate

The Good Governance Awards, 2017

TASB Good Governance

Information Technology External links:

Rebelmail | UNLV Office of Information Technology (OIT)

Box @ IU | University Information Technology Services

OHIO: Office of Information Technology |About Email

Information governance External links:

Information Governance (IG) – American Health …

Information Governance | InfoGov Basics

Information system External links:

[PDF]National Motor Vehicle Title Information System

National Motor Vehicle Title Information System

National Motor Vehicle Title Information System (NMVTIS)

Local governance External links:

The Hague Academy for Local Governance – Home | …

DeLoG – Decentralisation & Local Governance

Local Governance Research Labatory

Network governance External links:

POD Network Governance – POD Network: Professional …

Globalization, Edu-Business and Network Governance: …

Ocean governance External links:

Ocean Governance for Sustainability – Challenges, …

Private governance External links:

[PDF]Merging Public and Private Governance: How Disney’s …

Project governance External links:


[PDF]Payroll Services Consolidation Project Governance … Structure PSCP.pdf

NuGet Project Governance | Microsoft Docs

Records management External links:

Records Management – Record Series

Records Management Policy | Policies & Procedures

Document Storage – Records Management – Shredding | …

Regulatory compliance External links:

Regulatory Compliance testing and certification

Trinity Consultants – Regulatory Compliance …

Anti-kickback & Stark Compliance — Regulatory Compliance

Risk appetite External links:

Risk Appetite – BrightTALK


What is risk appetite? – Definition from

Risk management External links:

Risk management
Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

Risk Management Job Titles | Enlighten Jobs

Risk Management –

SOA governance External links:

SOA Governance Standards | OCIO

SOA governance technologies – Gartner IT Glossary

Soil governance External links:

Technology governance External links:

[PDF]Information Technology Governance

Information Technology Governance Committee (ITGC)

Transnational governance External links:

School of Transnational Governance