Free Assessment: 183 Risk and Compliance Management Things You Should Know

What is involved in Compliance Management

Find out what the related areas are that Compliance Management connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This unique checklist stands out in the sense that it is not per se designed to give answers, but to engage the reader and lay out a Compliance Management thinking-frame.

To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.

Start the Checklist

Below you will find a quick checklist designed to help you think about which Compliance Management related domains to cover and 183 essential critical questions to check off in that domain.

The following domains are covered:

Compliance Management, Governance, risk management, and compliance, Chief compliance officer, Chief governance officer, Climate governance, Clinical governance, Collaborative governance, Conformity assessment, Corporate governance, Cultural governance, Data governance, Earth system governance, Ecclesiastical polity, Enterprise risk management, Environmental, social and corporate governance, Environmental governance, Global governance, Good governance, Governance in higher education, ISO 19600, Information Technology, Information governance, Information system, Local governance, Market governance mechanism, Multistakeholder governance model, Network governance, Ocean governance, Open-source governance, Political party governance, Private governance, Project governance, Records management, Regulatory compliance, Risk appetite, Risk management, SOA governance, Security sector governance and reform, Simulation governance, Soil governance, Sustainable Governance Indicators, Technology governance, Transnational governance, Website governance, World Governance Index:

Compliance Management Critical Criteria:

Frame Compliance Management planning and describe which business rules are needed as Compliance Management interface.

– Think about the kind of project structure that would be appropriate for your Compliance Management project. Should it be formal and complex, or can it be less formal and relatively simple?

– Who will be responsible for deciding whether Compliance Management goes ahead or not after the initial investigations?

– Who sets the Compliance Management standards?

Governance, risk management, and compliance Critical Criteria:

Meet over Governance, risk management, and compliance adoptions and get out your magnifying glass.

– Does Compliance Management systematically track and analyze outcomes for accountability and quality improvement?

– How do senior leaders’ actions reflect a commitment to the organization’s Compliance Management values?

– Is the Compliance Management organization completing tasks effectively and efficiently?

Chief compliance officer Critical Criteria:

Communicate about Chief compliance officer leadership and modify and define the unique characteristics of interactive Chief compliance officer projects.

– Think about the people you identified for your Compliance Management project and the project responsibilities you would assign to them. What kind of training do you think they would need to perform these responsibilities effectively?

– Are there any disadvantages to implementing Compliance Management? There might be some that are less obvious.

Chief governance officer Critical Criteria:

Have a meeting on Chief governance officer failures and slay a dragon.

– How do you incorporate cycle time, productivity, cost control, and other efficiency and effectiveness factors into these Compliance Management processes?

– How can you measure Compliance Management in a systematic way?

Climate governance Critical Criteria:

Define Climate governance strategies and achieve a single Climate governance view and bring data together.

– Which customers can’t participate in our Compliance Management domain because they lack skills, wealth, or convenient access to existing solutions?

– Are there recognized Compliance Management problems?

– How do we Lead with Compliance Management in Mind?

Clinical governance Critical Criteria:

Be responsible for Clinical governance decisions and oversee Clinical governance requirements.

– What is the total cost related to deploying Compliance Management, including any consulting or professional services?

– Do Compliance Management rules make a reasonable demand on a user’s capabilities?

Collaborative governance Critical Criteria:

Be responsible for Collaborative governance visions and document what potential Collaborative governance megatrends could make our business model obsolete.

– For your Compliance Management project, identify and describe the business environment. Is there more than one layer to the business environment?

– What role does communication play in the success or failure of a Compliance Management project?

Conformity assessment Critical Criteria:

Facilitate Conformity assessment risks and customize techniques for implementing Conformity assessment controls.

– What role(s) do or should national/international standards and organizations that develop national/international standards play in critical infrastructure Cybersecurity conformity assessment?

– What will be the consequences to the business (financial, reputation etc) if Compliance Management does not go ahead or fails to deliver the objectives?

– In a project to restructure Compliance Management outcomes, which stakeholders would you involve?

Corporate governance Critical Criteria:

Deliberate over Corporate governance management and interpret which customers can’t participate in Corporate governance because they lack skills.

– What potential environmental factors impact the Compliance Management effort?

– Is Supporting Compliance Management documentation required?

– Why should we adopt a Compliance Management framework?

Cultural governance Critical Criteria:

Incorporate Cultural governance quality and define what our big hairy audacious Cultural governance goal is.

– To what extent does management recognize Compliance Management as a tool to increase the results?

– Have all basic functions of Compliance Management been defined?

– How do we go about Securing Compliance Management?

Data governance Critical Criteria:

Incorporate Data governance issues and correct better engagement with Data governance results.

– Has an assessment been conducted to ensure the long-term sustainability of the proposed or established data governance policies and procedures, including adequate staffing, tools, technologies, and resources?

– What about other business-related data, such as customer data, supplier data, or spatial data?

– Who can provide us with information about our current data systems and data elements?

– Fundamental problem for users: how to search for an image that conveys what you want?

– Enterprise architecture planning. How does it align with the to-be architecture?

– The front-ends are dependent on data. How is that data governed?

– How do most enterprises manage hierarchical master data today?

– Who should decide the length of a data field in a new system?

– What activities does the governance board need to consider?

– What will data governance look like in your organization?

– Is data subject to legislative oversight or mandates?

– What are the key objectives of your organization?

– How will decisions be made and monitored?

– What else are you trying to accomplish?

– Why is lack of data governance urgent?

– Can you make a build in one step?

– Who should do what, and when?

– Is there a data dictionary?

– Is the data available?

– We’re not doing what?

Earth system governance Critical Criteria:

Recall Earth system governance leadership and look at the big picture.

– How do we make it meaningful in connecting Compliance Management with what users do day-to-day?

– How to deal with Compliance Management Changes?

– Are there Compliance Management Models?

Ecclesiastical polity Critical Criteria:

Trace Ecclesiastical polity projects and simulate teachings and consultations on quality process improvement of Ecclesiastical polity.

– What are the long-term Compliance Management goals?

Enterprise risk management Critical Criteria:

Cut a stake in Enterprise risk management results and be persistent.

– Has management conducted a comprehensive evaluation of the entirety of enterprise Risk Management at least once every three years or sooner if a major strategy or management change occurs, a program is added or deleted, changes in economic or political conditions exist, or changes in operations or methods of processing information have occurred?

– Does the information infrastructure convert raw data into more meaningful, relevant information to create knowledgeable and wise decisions that assists personnel in carrying out their enterprise Risk Management and other responsibilities?

– Has management considered important information from external parties (e.g., customers, vendors and others doing business with the entity, external auditors, and regulators) on the functioning of an entity’s enterprise Risk Management?

– Are findings of enterprise Risk Management deficiencies reported to the individual responsible for the function or activity involved, as well as to at least one level of management above that person?

– Do regular face-to-face meetings occur with risk champions or other employees from a range of functions and entity units with responsibility for aspects of enterprise Risk Management?

– Is a technical solution for data loss prevention (i.e., systems designed to automatically monitor for data leakage) considered essential to enterprise risk management?

– Has management taken appropriate corrective actions related to reports from external sources for their implications for enterprise Risk Management?

– Has management taken an occasional fresh look at focusing directly on enterprise Risk Management effectiveness?

– To what extent is Cybersecurity risk incorporated into organizations’ overarching enterprise Risk Management?

– To what extent is Cybersecurity Risk Management integrated into enterprise risk management?

– Do policy and procedure manuals address management’s enterprise Risk Management philosophy?

– When a Compliance Management manager recognizes a problem, what options are available?

– How is the enterprise Risk Management model used to assess and respond to risk?

– When you need advice about enterprise Risk Management, whom do you call?

– What is our enterprise Risk Management strategy?

Environmental, social and corporate governance Critical Criteria:

Accommodate Environmental, social and corporate governance tactics and don’t overlook the obvious.

– How do your measurements capture actionable Compliance Management information for use in exceeding your customers’ expectations and securing your customers’ engagement?

– Is Compliance Management dependent on the successful delivery of a current project?

– Who will be responsible for documenting the Compliance Management requirements in detail?

Environmental governance Critical Criteria:

Recall Environmental governance projects and achieve a single Environmental governance view and bring data together.

– How important is Compliance Management to the user organization’s mission?

Global governance Critical Criteria:

Wrangle Global governance engagements and cater for concise Global governance education.

– What sources do you use to gather information for a Compliance Management study?

Good governance Critical Criteria:

Canvass Good governance adoptions and describe the risks of Good governance sustainability.

– What are our best practices for minimizing Compliance Management project risk, while demonstrating incremental value and quick wins throughout the Compliance Management project lifecycle?

– Do we have past Compliance Management Successes?

Governance in higher education Critical Criteria:

Unify Governance in higher education visions and report on the economics of relationships managing Governance in higher education and constraints.

– Do we aggressively reward and promote the people who have the biggest impact on creating excellent Compliance Management services/products?

– How can we incorporate support to ensure safe and effective use of Compliance Management into the services that we provide?

– Is maximizing Compliance Management protection the same as minimizing Compliance Management loss?

ISO 19600 Critical Criteria:

Consider ISO 19600 visions and tour deciding if ISO 19600 progress is made.

Information Technology Critical Criteria:

Contribute to Information Technology adoptions and report on setting up Information Technology without losing ground.

– Does your company have defined information technology risk performance metrics that are monitored and reported to management on a regular basis?

– Do the response plans address damage assessment, site restoration, payroll, Human Resources, information technology, and administrative support?

– If a survey were done asking organizations: is there a line between your information technology department and your information security department?

– How does new information technology come to be applied and diffused among firms?

– The difference between data/information and information technology (IT)?

– When do you ask for help from Information Technology (IT)?

– How to Secure Compliance Management?

Information governance Critical Criteria:

Mine Information governance risks and separate what are the business goals Information governance is aiming to achieve.

– Do we cover the five essential competencies (Communication, Collaboration, Innovation, Adaptability, and Leadership) that improve an organization’s ability to leverage the new Compliance Management in a volatile global economy?

– What are your key performance measures or indicators and in-process measures for the control and improvement of your Compliance Management processes?

– How does your organization assess staff training needs and ensure job/role specific information governance training is provided to all staff?

– How is the chief executive or equivalent management board consulted and/or informed of information governance issues?

– What governance arrangements do you have in place to support the current and evolving information governance agenda?

– What is the organization’s most effective method of training for information governance knowledge and skills?

– In relation to information governance, what are the key challenges or changes facing your organization?

– What is the organization’s preferred method of training for information governance knowledge and skills?

– What is our formula for success in Compliance Management?

Information system Critical Criteria:

Differentiate Information system adoptions and handle a jump-start course to Information system.

– Have we developed a continuous monitoring strategy for the information systems (including monitoring of security control effectiveness for system-specific, hybrid, and common controls) that reflects the organizational Risk Management strategy and organizational commitment to protecting critical missions and business functions?

– On what terms should a manager of information systems evolution and maintenance provide service and support to the customers of information systems evolution and maintenance?

– Has your organization conducted a cyber risk or vulnerability assessment of its information systems, control systems, and other networked systems?

– Are information security events and weaknesses associated with information systems communicated in a manner to allow timely corrective action to be taken?

– Would an information systems (IS) group with more knowledge about a data production process produce better quality data for data consumers?

– What tools do you use once you have decided on a Compliance Management strategy and more importantly how do you choose?

– What does the customer get from the information systems performance, and on what does that depend, and when?

– What are the principal business applications (i.e. information systems available from staff PC desktops)?

– Why Learn About Security, Privacy, and Ethical Issues in Information Systems and the Internet?

– What are information systems, and who are the stakeholders in the information systems game?

– How secure (well protected against potential risks) is the information system?

– Is unauthorized access to information held in information systems prevented?

– Are assumptions made in Compliance Management stated explicitly?

– What does integrity ensure in an information system?

– Is authorized user access to information systems ensured?

– How are our information systems developed?

– Is security an integral part of information systems?

Local governance Critical Criteria:

Grasp Local governance goals and find out what it really means.

– Does Compliance Management include applications and information with regulatory compliance significance (or other contractual conditions that must be formally complied with) in a new or unique manner for which no approved security requirements, templates or design models exist?

– What are the record-keeping requirements of Compliance Management activities?

– What threat is Compliance Management addressing?

Market governance mechanism Critical Criteria:

Prioritize Market governance mechanism strategies and create Market governance mechanism explanations for all managers.

– Why is it important to have senior management support for a Compliance Management project?

– Is Compliance Management Realistic, or are you setting yourself up for failure?

– How do we Improve Compliance Management service perception, and satisfaction?

Multistakeholder governance model Critical Criteria:

Apply Multistakeholder governance model issues and look at it backwards.

– In what ways are Compliance Management vendors and us interacting to ensure safe and effective use?

– Are accountability and ownership for Compliance Management clearly defined?

Network governance Critical Criteria:

Accelerate Network governance leadership and raise human resource and employment practices for Network governance.

– Where do ideas that reach policy makers and planners as proposals for Compliance Management strengthening and reform actually originate?

Ocean governance Critical Criteria:

Dissect Ocean governance risks and summarize a clear Ocean governance focus.

– What are the barriers to increased Compliance Management production?

Open-source governance Critical Criteria:

Pay attention to Open-source governance projects and suggest using storytelling to create more compelling Open-source governance projects.

– What are the success criteria that will indicate that Compliance Management objectives have been met and the benefits delivered?

– What are specific Compliance Management Rules to follow?

Political party governance Critical Criteria:

Differentiate Political party governance decisions and give examples utilizing a core of simple Political party governance skills.

– Consider your own Compliance Management project. What types of organizational problems do you think might be causing or affecting your problem, based on the work done so far?

Private governance Critical Criteria:

Have a meeting on Private governance goals and do something to it.

Project governance Critical Criteria:

Judge Project governance planning and find out.

– Which individuals, teams or departments will be involved in Compliance Management?

– How do we go about Comparing Compliance Management approaches/solutions?

Records management Critical Criteria:

Test Records management leadership and probe using an integrated framework to make sure Records management is getting what it needs.

– Have records center personnel received training on the records management aspects of the Quality Assurance program?

– Will new equipment/products be required to facilitate Compliance Management delivery, for example is new software needed?

Regulatory compliance Critical Criteria:

Debate over Regulatory compliance issues and finalize the present value of growth of Regulatory compliance.

– In the case of public clouds, will the hosting service provider meet their regulatory compliance requirements?

– Regulatory compliance: Is the cloud vendor willing to undergo external audits and/or security certifications?

– What is Regulatory Compliance?

Risk appetite Critical Criteria:

Review Risk appetite outcomes and develop and take control of the Risk appetite initiative.

– How do we revise the risk appetite statement so that we can link it to risk culture, roll it out effectively to the business units and bring it to life for them? How do we make it meaningful in connecting it with what they do day-to-day?

– At what point will vulnerability assessments be performed once Compliance Management is put into production (e.g., ongoing Risk Management after implementation)?

– Is there a clearly defined IT risk appetite that has been successfully implemented?

– Risk appetite: at what point does the risk become unacceptable?

Risk management Critical Criteria:

Consult on Risk management outcomes and ask what if.

– If the liability portion of a Cybersecurity insurance policy is a claims-made policy, is an extended reporting endorsement (tail coverage) offered?

– What core IT system are you using? Does it have an ERM or risk assessment module; and if so, have you used it?

– Market risk: Will the new service or product be useful to the organization or marketable to others?

– Do you have an IT risk program framework aligned to IT strategy and enterprise risk?

– Who’s in charge of inactivating user names and passwords as personnel changes occur?

– What is the sensitivity (or classification) level of the information?

– Are regular risk assessments executed across all entities?

– What work has been done internally to establish an ERM process?

– How do you assess threats to your system and assets?

– Do your recovery plans incorporate lessons learned?

– Is the Cybersecurity policy reviewed or audited?

– Who leads the risk culture change initiative?

– Have reporting expectations been established?

– Can keys be easily copied?

SOA governance Critical Criteria:

Drive SOA governance outcomes and integrate design thinking in SOA governance innovation.

Security sector governance and reform Critical Criteria:

Prioritize Security sector governance and reform risks and create Security sector governance and reform explanations for all managers.

– What knowledge, skills and characteristics mark a good Compliance Management project manager?

– Is Compliance Management Required?

Simulation governance Critical Criteria:

Match Simulation governance outcomes and attract Simulation governance skills.

– Are there Compliance Management problems defined?

Soil governance Critical Criteria:

Revitalize Soil governance failures and cater for concise Soil governance education.

– Does Compliance Management create potential expectations in other areas that need to be recognized and considered?

– What are the Essentials of Internal Compliance Management?

Sustainable Governance Indicators Critical Criteria:

Add value to Sustainable Governance Indicators quality and plan concise Sustainable Governance Indicators education.

– A compounding model resolution with available relevant data can often provide insight towards a solution methodology; which Compliance Management models, tools and techniques are necessary?

– Meeting the challenge: are missed Compliance Management opportunities costing us money?

– What is Effective Compliance Management?

Technology governance Critical Criteria:

Communicate about Technology governance visions and triple focus on important concepts of Technology governance relationship management.

– Do several people in different organizational units assist with the Compliance Management process?

– Risk factors: what are the characteristics of Compliance Management that make it risky?

Transnational governance Critical Criteria:

Be responsible for Transnational governance engagements and finalize the present value of growth of Transnational governance.

– What are the top 3 things at the forefront of our Compliance Management agendas for the next 3 years?

– Are we making progress? And are we making progress as Compliance Management leaders?

Website governance Critical Criteria:

Wrangle Website governance management and pioneer acquisition of Website governance systems.

– How do you determine the key elements that affect Compliance Management workforce satisfaction? How are these elements determined for different workforce groups and segments?

– What new services or functionality will be implemented next with Compliance Management?

– What are the Key enablers to make this Compliance Management move?

World Governance Index Critical Criteria:

Pilot World Governance Index tactics and correct better engagement with World Governance Index results.

– Why are Compliance Management skills important?


This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the Risk and Compliance Management Self Assessment:

Author: Gerard Blokdijk

CEO at The Art of Service

Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.

External links:

To address the criteria in this checklist, these selected resources are provided for sources of further research and information:

Compliance Management External links:

What is Compliance Management? | AuditShark

[PDF]Environmental Compliance Management Plan – …

About Us | Compliance Management International

Governance, risk management, and compliance External links:

Career Path – Governance, Risk Management, and Compliance …

Chief compliance officer External links:

Chief Compliance Officer Support – Consumer Banking

Chief governance officer External links:

A Chief Governance Officer Could Give You an Advantage

Chief Governance Officer, OSGE | Devex

Climate governance External links:

It’s time for new climate governance – from below

Climate Governance Experiments | Matthew J. Hoffmann

Climate Governance Initiative – 3 Photos – Organization

Clinical governance External links:

[PPT]Clinical Governance – University of Pittsburgh

Clinical governance (Book, 2003)

Clinical Governance Essays –

Collaborative governance External links:

Collaborative Governance Home Page – Mass General

Welcome to Collaborative Governance

Collaborative Governance: Diversity Steering Committee

Conformity assessment External links:

ABCAB | Accreditation Board for Conformity Assessment …

Corporate governance External links:

Morgan Stanley Corporate Governance

Regions Financial Corporation – Corporate Governance

Corporate Governance – About Us | Aetna

Cultural governance External links:

The Audit Committee and Cultural Governance – WSJ

[PDF]Cultural Governance and Development in Vietnam

What do we mean by Cultural Governance? – YouTube

Data governance External links:

Data Governance – Do Job Titles Matter? – DATAVERSITY

[PDF]Data Governance Overview – Oklahoma – Welcome to …

What is data governance (DG)? – Definition from

Earth system governance External links:

Earth System Governance Project – Home | Facebook

Earth System Governance | The MIT Press

Enterprise risk management External links:

Enterprise Risk Management, University of Cincinnati

[PDF]Guide to Enterprise Risk Management

Environmental governance External links:

Reconfiguring environmental governance: Towards a …

Environmental Governance | A research collaboration …


Governance in higher education External links:

[PDF]Shared Governance in Higher Education

ERIC – Overview: Governance in Higher Education- …

ISO 19600 External links:

The ISO 19600 on Compliance –

Information Technology External links:

Rebelmail | UNLV Office of Information Technology (OIT)

Information governance External links:

[PDF]Information Governance Principles for Healthcare …

Information system External links:

National Motor Vehicle Title Information System

Buildings Information System

National Motor Vehicle Title Information System (NMVTIS)

Local governance External links:

November – 2017 – Institute for State and Local Governance

The Hague Academy for Local Governance – Home | …

Local Governance Research Labatory

Network governance External links:

UTSCAP Network Governance – UTSW Medicine

Ocean governance External links:

Partnership for Regional Ocean Governance: …

Ocean Governance for Sustainability – Challenges, …

Ocean Governance | U.S. Department of the Interior

Private governance External links:

[PDF]Merging Public and Private Governance: How Disney’s …

Project governance External links:

Project Governance Plans: Execution and Oversight

NuGet Project Governance | Microsoft Docs


Records management External links:

National Archives Records Management Information Page

Library of Virginia Records Management

Records Management Policy | Policies & Procedures

Regulatory compliance External links:

Trinity Consultants – Regulatory Compliance …

Chemical Regulatory Compliance – ChemADVISOR, Inc.

Brandywine Drumlabels – GHS Regulatory Compliance …

Risk appetite External links:

ECB’s slow retreat from QE buoys risk appetite

[PDF]Risk Appetite Guide All States Except New Jersey

What is risk appetite? – Definition from

Risk management External links:

“Billions” Risk Management (TV Episode 2017) – IMDb

Risk Management Job Titles | Enlighten Jobs

Risk Management –

SOA governance External links:

SOA Governance Integration –

SOA What? Why You Need an SOA Governance Framework | CIO

SOA Governance Standards | OCIO

Security sector governance and reform External links:

Security Sector Governance and Reform: Guidelines for …

Simulation governance External links:

[PDF]Simulation governance: New technical …

Simulation Governance Archives – ESRD

Simulation Governance | Industries | UL

Technology governance External links:

[PDF]Information Technology Governance

Website governance External links:

Website Governance | Smith College

About | Website Governance