Concerns about the timeliness of reporting indicate a potential issue in the reporting process that must be investigated. The CGEIT Review Manual 8th Edition advises that the first step in addressing process-related issues is to assess the current process to identify bottlenecks, inefficiencies, or gaps.
Extract from CGEIT Review Manual 8th Edition (Domain 3: Risk Optimization):"When issues are raised regarding compliance or reporting, the first step is to assess the existing processes to identify root causes of deficiencies, such as delays or inaccuracies. This assessment provides the basis for designing improvements or corrective actions." (Approximate reference: Domain 3, Section on Compliance and Process Assessment)
Assessing the reporting delivery process (option A) allows the enterprise to pinpoint why reports are delayed, whether due to manual processes, data availability, or other factors, enabling targeted improvements.
Why not the other options?
B. Negotiate an exception process with the regulator: Negotiation is a reactive measure that does not address the root cause of untimely reporting.
C. Automate the reporting process: Automation may be a solution, but it is premature without understanding the current process’s deficiencies.
D. Evaluate the implications of risk acceptance: Risk acceptance is a last resort and does not address the regulator’s concern about timeliness.
[References:, ISACA CGEIT Review Manual 8th Edition, Domain 3: Risk Optimization, Section on Compliance and Process Improvement., ISACA CGEIT Study Guide, Chapter on Regulatory Reporting., , , ]
