Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

ME3.4 - Positive Assurance of Compliance

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective ME3.4 - Positive Assurance of Compliance is contained within Process Popup Ensure Compliance With External Requirements.

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

This Topic Has:
5 Members
0 Online
4194 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Badge: Energizer

Positive Assurance of Compliance

Obtain and report assurance of compliance and adherence to all internal policies derived from internal directives or external legal, regulatory or contractual requirements, confirming that any corrective actions to address any compliance gaps have been taken by the responsible process owner in a timely manner.

View value and Risk Drivers  help

Hide value and Risk Drivers help

Value Drivers

  • Confirmation of the enterprise’s compliance with applicable laws and regulations through the use of standards and methodologies
  • Good practices identified for dealing with laws and regulations effectively incorporated into enterprise arrangements
  • Increasing process performance in relation to compliance with applicable laws and regulations
  • Confirmation that deviations from compliance requirements are identified and corrected in a timely manner
  Risk Drivers
  • Failure to report non-compliance incidents, adversely impacting the enterprise’s performance and reputation
  • Increased likelihood of disputes
  • Areas of non-compliance not identified and reported
  • Corrective actions not initiated in a timely manner, adversely impacting the overall performance of the organisation

View Control Practices  help

Hide Control Practices  help

  1. Obtain regular confirmation of compliance with internal policies from process owners.
  2. Ensure that regular (and, where appropriate, independent) internal and external reviews are performed to assess levels of compliance with internal policies.
  3. Establish procedures for the receipt of assertions from third-party service providers on levels of their compliance with applicable laws and regulations.
  4. Ensure that contracts with third-party service providers require regular confirmation of their compliance with applicable laws and regulations.
  5. Implement a process to monitor and report on non-compliance issues, with further investigation, where necessary, of the root cause of non-compliant performance taking place.

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 494 total

Must be a Topic member to contribute
View All »
Posted by FarmService 1532 days ago
Posted by ISACA 1542 days ago
Posted by FarmService 2617 days ago
Posted by ISACA 5 days ago
Cobit Related
Posted by ISACA 9 days ago

Events & Online Learning: 15 total

16 Mar 2015
ISACA International Event
Orlando, FL, USA
15 Jun 2015
ISACA International Event
Ciudad de México, Mexico
14 Mar 2016
ISACA International Event
Miami, FL, USA
1 Aug 2016
ISACA International Event
Chicago, IL, USA

Journal Articles: 463 total

Volume 6, 2015
by Ed Gelbstein, Ph.D.
An auditor will sooner or later be faced with two kinds of conflicts: conflict of interest and interpersonal conflict.
Volume 5, 2107
by Marianne Bradford, Ph.D., and Dave Henderson, Ph.D.
Although generalized audit software (GAS) has been shown to significantly improve the efficiency and effectiveness of audits, many auditors do not use this technology.
Volume 3, 2107
by Jayakumar Sundaram, CISA, ISO 27001 LA
The SoA is a continuously updated and controlled document that provides an overview of information security implementation.
Volume 3, 2018
by Giuliano Pozza, CGEIT, e-CF Plus (CIO), ITIL v3
The world of information and data management is changing faster than anyone could have predicted a few years ago, and attention to sensitive data protection is growing, as the new GDPR is clearly proving.
Volume 3, 2018
by Lucio Augusto Molina Focazzio, CISA, CRISC, CISM, COBIT Assessor and Trainer, ITIL
Building Tomorrow’s Leaders, Today
Volume 3, 2018
by ISACA Member and Certification Holder Compliance
An up-to-date listing of the current IT Audit and Assurance Standards, Guidelines, and Tools and Techniques

Wikis: 2 total

Blog Posts: 221 total

17 Jun 2018
We are happy to announce that  on Feb//2018  the ISACA awareness session  was held in Baghdad.This the first time to speak about ISACA Value in Iraq.Professional from government and private sector were excited to hear about ISACA value and they started to...
Posted By : Ali099 | 2 comments
Posted By : TafadzwaPadare | 1 comments
5 Jun 2018
Recently, I witnessed an interesting webcast by Scopism, an UK-based consulting and training company. They announced the publication of the SIAM(c) Foundation Body of Knowledge, available for free through their website Service Integration...
Posted By : Peter873 | 2 comments
Security in IoT environment
Posted By : Hyun239 | 0 comments
20 Apr 2018
Good day. I have an interesting situation that came about just this week.  New career opportunities are not all that they seem to be.  What I thought was going to be a great career change ended up in disaster.  With only one week and two day's, I was dism...
Posted By : Brian824 | 0 comments
2 Apr 2018
After privacy was silently lost in modern era, GDPR will try to put the ghost back in the bottle. Will it succeed?
Posted By : Dragan Pleskonjic | 0 comments