TECH Regulatory Risk <> Complexity vs Consolidation

The evolving regulatory landscape, spanning SOX 404 (2002), PDPA (2010) and GDPR (2018) through to the MY CSA (2024), together with recent mandates in AI and cybersecurity and increasing geopolitical tariff instability, has substantially heightened the intricacy of how organizations address IT-related risks and strategic opportunities.

How do you manage Technology Compliance Complexity (TC2) in the age of AI?

  • Understand the purpose of regulatory objectives & requirements on IT risks comprehensively – read the legislation and talk to the legislators
  • Build a cohesive policy & procedural process to harmonize all current and emerging IT risks
  • Consolidate & unify regulations addressing similar & overlapping requirements specific to IT risks
  • Fortify your basics – ITGC-SUCOP
  • Consider AI Regulator agent – start a POC

Key Considerations

  • Maintain a unified IT risk register & map it against regulations, standards and frameworks (REGs/STD/Frameworks)
  • Pressure-test audit and consulting firms’ assumptions about IT risks vis-à-vis materiality to manage the compliance cost burden & bureaucracy.
  • Establish data classification standard (DCS) – restricted, confidential, private or public.
  • Vertical expertise matters, but strong horizontal practices are key to managing third-party IT risks effectively.
  • MY TECH REG Risk <> Despite a number of laws – 31 stated in the National Cyber Security Strategy in 2020 – the bodies responsible for their enforcement are few.
  • Sample REGMAP – coming soon
    • RMIT/SSM/etc.

Reach out; we would love to listen, learn and advise on your TC2.