Testing an organisation's approach to compliance with its key policies, procedures and controls should be an essential and regular part of a risk mitigation framework.
Insider threat is now recognised as one of the key risks that organisations face globally. The risk stems from the knowledge held by staff or consultants working within risk areas, who understand where the control weaknesses are and whether an organisation is able to identify or respond to instances of non-compliance.
Recent publications have confirmed that many organisations' approach to risk assessment is at best inconsistent and isn't conducted on a regular or ongoing basis.
The concern in this area is not only the continual change in global threats and their impact on an organisation, but also how the public and private sectors are able to identify and protect themselves against risks introduced by other organisations that don't assess or monitor their own risks.
When assessing the compliance regime of an organisation and its ability to protect its revenues and assets, it is not unusual to establish that what management report as procedure compliance is not what happens operationally.