Risk & Compliance

C3: Adaptive Assurance: Implementing an Automated Control Testing Program

Thursday, September 22, 2022 1:30 PM - 2:30 PM

Room 403


In a world of privacy concerns, customers demand greater assurance for their data. How can your organization provide assurance while managing requirement volume and complexity? This session will walk through a concrete study for automating cyber control testing, including construction of test logic and metrics, data source maturity analysis, visualization, and architecting your automation stack. This case study will then highlight the results of a successful automated control testing program, including determination of comprehensive control effectiveness, timely high-value feedback which reduces financial impact from control failures, and improved resource utilization with testing teams and reduced audit fatigue for organizational stakeholders. Participants of this session will come away with a clear approach to developing and implementing an automated control testing program, as well as a strong business value narrative to drive executive buy-in.