Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

ME3.4 - Positive Assurance of Compliance

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective ME3.4 - Positive Assurance of Compliance is contained within Process Popup Ensure Compliance With External Requirements.

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

This Topic Has:
5 Members
0 Online
4137 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Badge: Energizer

Positive Assurance of Compliance

Obtain and report assurance of compliance and adherence to all internal policies derived from internal directives or external legal, regulatory or contractual requirements, confirming that any corrective actions to address any compliance gaps have been taken by the responsible process owner in a timely manner.

View value and Risk Drivers  help

Hide value and Risk Drivers help

Value Drivers

  • Confirmation of the enterprise’s compliance with applicable laws and regulations through the use of standards and methodologies
  • Good practices identified for dealing with laws and regulations effectively incorporated into enterprise arrangements
  • Increasing process performance in relation to compliance with applicable laws and regulations
  • Confirmation that deviations from compliance requirements are identified and corrected in a timely manner
  Risk Drivers
  • Failure to report non-compliance incidents, adversely impacting the enterprise’s performance and reputation
  • Increased likelihood of disputes
  • Areas of non-compliance not identified and reported
  • Corrective actions not initiated in a timely manner, adversely impacting the overall performance of the organisation

View Control Practices  help

Hide Control Practices  help

  1. Obtain regular confirmation of compliance with internal policies from process owners.
  2. Ensure that regular (and, where appropriate, independent) internal and external reviews are performed to assess levels of compliance with internal policies.
  3. Establish procedures for the receipt of assertions from third-party service providers on levels of their compliance with applicable laws and regulations.
  4. Ensure that contracts with third-party service providers require regular confirmation of their compliance with applicable laws and regulations.
  5. Implement a process to monitor and report on non-compliance issues, with further investigation, where necessary, of the root cause of non-compliant performance taking place.

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 492 total

Must be a Topic member to contribute
View All »
Posted by FarmService 1442 days ago
Posted by ISACA 1453 days ago
This document provides a preview of the information contained in COBIT 5.
Posted by ISACA 1856 days ago
This presentation by Robert Stroud, CGEIT, CRISC, ISACA Strategic Advisory Board, addresses the COBIT 5 framework, the critical aspects of COBIT 5, and what is available.
Posted by ISACA 1856 days ago
Posted by ISACA 1964 days ago
Posted by ISACA 1964 days ago

Events & Online Learning: 13 total

16 Mar 2015
ISACA International Event
Orlando, FL, USA
15 Jun 2015
ISACA International Event
Ciudad de México, Mexico
14 Mar 2016
ISACA International Event
Miami, FL, USA
1 Aug 2016
ISACA International Event
Chicago, IL, USA

Journal Articles: 451 total

Volume 6, 2015
by Ed Gelbstein, Ph.D.
An auditor will sooner or later be faced with two kinds of conflicts: conflict of interest and interpersonal conflict.
Volume 5, 2107
by Marianne Bradford, Ph.D., and Dave Henderson, Ph.D.
Although generalized audit software (GAS) has been shown to significantly improve the efficiency and effectiveness of audits, many auditors do not use this technology.
Volume 3, 2107
by Jayakumar Sundaram, CISA, ISO 27001 LA
The SoA is a continuously updated and controlled document that provides an overview of information security implementation.
Volume 2, 2018
by Vijayavanitha Sankarapandian, CISA, CIA
Transparency and compliance, coupled with the ability to gather relevant and accurate data, lead to efficient governance by a government.
Volume 2, 2018
by ISACA Member and Certification Holder Compliance
An up-to-date listing of the current IT Audit and Assurance Standards, Guidelines, and Tools and Techniques
Volume 2, 2018
by Ed Moyle
Sometimes leveraging what is available can get us around obstacles that would otherwise be crippling to accomplishing our goals.

Wikis: 2 total

Blog Posts: 220 total

18 Mar 2018
After privacy was silently lost in modern era, GDPR will try to put the ghost back in the bottle. Will it succeed?
Posted By : Dragan Pleskonjic | 0 comments
What do you think: when artificial intelligence (AI) will be smarter than humans? Can you predict it and if yes, when it will approximately happen in your opinion? Vote in poll at link below, please:
Posted By : Dragan Pleskonjic | 3 comments
La Tecnología de la Información (TI), en todas sus áreas (base de datos, seguridad de la información, desarrollo de software, redes, etc.), debe tener como objetivo primario el apoyo a los Procesos del Negocio (PN) de la organización. Sin embargo, es comú...
Posted By : emorro | 0 comments
Have you experienced ransomware attack so far and, if yes, what did you do to resolve? I set up Twitter poll here: It lasts for seven days. Thank you for taking part in the poll.
Posted By : Dragan Pleskonjic | 5 comments
21 Feb 2018
We are happy to announce that  on Feb//2018  the ISACA awareness session  was held in Baghdad.This the first time to speak about ISACA Value in Iraq.Professional from government and private sector were excited to hear about ISACA value and they started to...
Posted By : Ali099 | 1 comments
Ransomware is a form of malware and is engineered to infect your personal computer and restrict access in some way, while demanding payment or ransom  to remove the restriction. First identified in 1989  under the name of PC Cyborg, today there are over 2...
Posted By : Robert658 | 2 comments