Optimizing Control Testing and Evidence Collection

Control testing and evidence collection can be burdensome not only for compliance and audit professionals, but also for the stakeholders they engage with. Teams can save time, improve consistency, and move closer to real-time results by designing automations to perform testing or collect evidence.

The most important consideration for your compliance program is your controls inventory (or controls library). A clearly organized controls inventory should provide traceability to your frameworks, requirements, and assets, allowing you to scope your assessments with ease. Traditionally, control inventories are built from a spreadsheet-based risk and control matrix. However, this method often yields data inconsistencies, especially when users forget to update their data, which can lead to repeating inconsistencies throughout the spreadsheet.

Building your controls library using a connected risk solution helps to establish an organized database where your controls can be inventoried by asset owner and framework — a dependency for any optimization you build into your testing program thereafter. Automating any process depends on having complete jurisdiction over your assets and their underlying data structures, otherwise, there will be breaks in the linkage between your data points as they start to change. An integrated compliance management solution is one of the best available means to ensure your data is organized in a meaningful and reliable manner.

“Optimizing Testing and Evidence Collection With Technology” by John Volles of AuditBoard explores some common questions to ask when approaching automation and ways to begin optimizing your processes. Get your copy today!

Please complete the form below to access this research:

Business E-mail Address

First Name

Last Name

Company

Job Role

Job Title

Company Size

Company Revenue

Industry

Address

City

State/Province

Zip / Postal Code

Country

Business Phone Number

When does your organization plan to update or add in new frameworks into your information security
program?

By accessing this free resource, you agree that AuditBoard may contact you about products, services, events, and other offers that may be of interest.

Your privacy is a top concern for us at Knowledge Hub Media. We’ll only use your personal information to provide you with the content, products and/or services you’ve requested from us. By entering your contact information and clicking on the “submit” button below, you are confirming that you have carefully read Knowledge Hub Media’s Terms of Use agreement, and Privacy Policy, and agree to be legally bound by all such terms.

Yes, I agree to the Terms of Use Agreement.

Yes, I agree to the Privacy Policy.

The third party vendor sponsoring this content may wish to contact you regarding products and/or services as they relate to this white paper/research. Please check the appropriate boxes below, indicating the ways in which you would like to receive communication from our third party affiliates:

Yes, I would like to receive communication by email.Yes, I would like to receive communication by telephone.Yes, I would like to receive communication by postal mail.

Knowledge Hub Media would also like to keep in touch regarding related content, white papers, business/technology research and upcoming events in your area of expertise. Please check the appropriate boxes below to opt-in:

Yes, Knowledge Hub Media may contact me via email.Yes, Knowledge Hub Media may contact me via telephone.Yes, Knowledge Hub Media may contact me via postal mail.

You can easily change your communication and consent preferences at any time. Opt-out of receiving communication from Knowledge Hub Media and/or our third party affiliates by easily updating your personally identifiable data and contact preferences here: Update Communication Preferences