Compliance Briefing: Tips to balance risk management and compliance

Guide to balancing risk management and compliance

Managing risk? That doesn't mean you're meeting compliance requirements. Find out why.

New IT risk factors, and compliance regulations to go with them, seem to appear every day. But being protected from risk does not mean you are compliant, and being compliant does not mean you are protected. A company has to strike the right balance between mitigating its biggest risks and meeting the compliance requirements specific to its industry. With limited budgets and resources, this is no easy task.

In this tutorial, we’ve gathered best practices for balancing your risk management and compliance strategies. You’ll learn how risk management and compliance can be tied together to get the maximum positive impact for your organization, and new ways to look at the delicate relationship between the two. Properly developing this relationship may even gain customer confidence and boost your bottom line.

This guide is part of the Compliance Briefings series, which is designed to give chief compliance officers strategic management and decision-making advice on timely topics.

The business case for risk management and compliance

There are many good reasons for developing a solid risk management and compliance program, but one incentive stands out: It simply makes good business sense.

With governance, risk and compliance (GRC) rules and regulations constantly evolving, organizations cannot afford to focus simply on economic stability, according to experts; there must be a GRC culture in place. The growing complexity and breadth of the regulatory landscape requires defined processes for risk management and compliance. These processes need to be flexible and tailored to the organization rather than a one-size-fits-all approach.

Learn more in “How risk management and compliance policies affect your bottom line.”

Risk management and sustainability best practices

Sustainability is fast becoming a catchall phrase, and the basis for a cottage industry populated with well-meaning but misguided advisors and activists. The term has been diluted to the point where it means something different to everyone who encounters it. It is time to clarify what we mean when we refer to sustainability, and to make sure our actions are consistent with those definitions and goals. There are several key factors to consider in order to minimize the short- and long-term effect that integrating sustainability into risk management will have on your organization.

As Bill Ford of Ford Motor Co. observed in the McKinsey Quarterly, "For us, sustainability in its broadest sense is about economic sustainability. It’s not just about sustainability for environmental reasons -- if you don’t have a sustainable business model, none of the rest matters.”

In other words, going green while putting your company in the red is not sustainable.

Find out more in “Best practices for risk management and sustainability convergence.”

Defining your risk management and compliance concepts

Manage information risk to stay compliant

For many people in management, if the business is compliant with this law or that regulation, then all is well in IT land. I see businesses all the time -- especially in the health care industry -- that believe their minimal compliance strategy efforts are all that’s needed to keep IT in check.

Not so fast.

Managing information risk in your enterprise is more than just “compliance” as we know it. It’s extremely easy to fall into the mindset of “we’re compliant, therefore we’re secure.” If we could step back in time and ask the leaders at any of the organizations on the Chronology of Data Breaches whether or not they were compliant with regulations, I’m confident they’d reply with a resounding “Yes, of course!”

Learn more from contributor Kevin Beaver in “Managing information risk inherent to an effective compliance strategy.”

Tips to prevent compliance risk

If your organization truly recognizes the importance of deploying secure applications as part of its overall security process, kudos to you. You're one of the few. Most companies remain mired in reactive security processes that keep them at risk because they never address the root cause of most vulnerabilities: insecure software development.

One proactive, timely and cost-effective way to reduce vulnerabilities is to map security programs to a list of common vulnerabilities, such as the Open Web Application Security Project Top 10.

Discover more in “How protecting against the OWASP Top 10 helps prevent compliance risk.”