how to work smarter on governance, risk and compliance?

The burgeoning headlines around us about sophisticated new security threats and fraud cases has sounded a wake-up call to each of us especially enterprises. Compliance is no longer an option but a necessary critical measure to ensure compliance to the strict regulations requirement.

Instead of scrambling aimlessly with your compliance efforts, I will share a few tips on how to streamline and work smarter with your security deployments, processes, business goals and compliance activities congruently for maximum effectiveness.

how much is it costing you?

Stop deceiving yourself and take a hard look at the true cost impact that reliance on spreadsheets has on your compliance efforts. If you need eight people together once a month to decipher a slew of spreadsheets for days at a time, how much is that costing your organization? While simple spreadsheets might seem like an easy and cheap way to track compliance activities at first, the reality is that they'll end up costing more, given that they don't scale well and they're limited in effectiveness. As your business grows and regulatory requirement increases, you are in fact bleeding your precious business resources.

take a deep breath

Though there is a lot of overlap among the regulatory standards such as SOX, HIPPA, PCI etc., more often than not these regulations are in essence trying to accomplish the same goals. The wise thing to do is to take a deep breath and take a step back to figure out how the requirements translate to security measures. Enterprises that stop to translate often find they already have most of the necessary controls in place – so, they can limit the work needed to prove it and fill in the gaps from that point. Otherwise, they will end up spending more money and resources because they are wasting their efforts with duplicate practices and tasks, chasing new activities every time a new regulation comes out or an old one is updated.

automate, automate and automate

Once you've translated how your security practices are linked to regulations, you'll still need to prove it to the auditors. The key to making this process painless is to automate the collection of supporting documentation. Ideally, a single framework should be able to accept technical measurements that flow into it, as well as results from interviews with people to confirm compliant processes in place. There are many tools in the market that help you to automate and consolidate these data into a single depository for easy retrieval.

Too many organizations are wasting money and precious resources constructing “piece-meal” measures to comply with regulatory requirements, using ineffective tools and approaching compliance in a totally reverse manner. All your compliance efforts need to be streamlined into a cohesive program to derive optimal effectiveness. The old adage has a saying, “work smarter not harder."

What about you? How are you working smarter with your compliance activities?


image © Ben Chams -


Kenneth Ho

I was born in Singapore, an island which has a mere population of 5 million people. I truly believe I was born with a purpose to fight criminals in this world. Having failed the entrance test for the Avenger League several times, I joined Orange Business to fight crime in another role as Security Practice in APAC. I'm pinning on the hope that I will be called up for duty to join the Avenger League.