IT Compliance Review Report
Best Practices for Conducting and Documenting an IT Compliance Audit
IT compliance involves adhering to organizational policies and standards, applicable laws and regulations, and client contractual requirements regarding the operation and management of information technology resources, and doing so in a way that supports the business strategy of the organization.
The objective of this assessment was to focus our efforts on the second line of defense by identifying and taking inventory of various IT compliance teams and understanding their associated responsibilities and outputs. Questions to consider include:
- Is IT compliance distributed by business function, or is it centralized?
- Is there linkage between enterprise risk management (ERM) and IT compliance?
- Is there a chief compliance officer for IT?
- Is there a committee that governs the IT compliance processes?