Top 10 Actions

After the frequency of IT audit, monitoring and reporting, the top 10 actions taken by compliance leaders (those organizations with the fewest compliance deficiencies) differ from those taken by other organizations (Figure 1).

All of the best-in-class compliance organizations - those exhibiting the fewest compliance deficiencies - document their business procedures, IT assets and IT controls. By contrast, only 60 percent of lagging firms - those with the highest deficiency levels - do so. Similarly, most of the compliance leaders change business procedures to comply, whereas few of the laggards take this action.

Figure 1: Top 10 Strategic Actions to Improve Compliance


The only action where compliance laggards surpassed the compliance leaders, and only marginally, is documenting IT security policies, procedures and standards: 63 percent of compliance laggards took this action compared with 59 percent of compliance leaders. Otherwise, compliance leaders are ahead of compliance laggards on nine of the top 10 actions that helped improve results.

Actions that Most Improve Results

After increasing the frequency of IT audit, monitoring and reporting to once per month or more, there are several actions that firms should consider taking. These actions, highlighted by the major differences between the leaders and laggards, include:

  1. Changing business procedures to comply
  2. Documenting business procedures, IT assets and IT controls
  3. Automating the frequency of measurements and reporting
  4. Automating IT configuration and controls management
  5. Changing IT security policies, controls and procedures to comply

Organizations operating at the norm and as compliance laggards should increase the frequency of IT audit to monthly and consider benchmarking themselves against each of the remaining strategic actions to determine where they fit relative to compliance laggards and leaders.

Guidance Recommendations

Guidance for all enterprises, based on fact-based benchmarks, includes:

  • Increase the frequency of IT audit, monitoring and audit to monthly or more frequently
  • Identify the strategic actions of your organization that differ most from those of compliance leaders
  • Consider re-prioritizing the actions of your organization to improve compliance results

    © IT Policy Compliance Group, 2006









