„track and monitor strategy implementation, project completion, resource usage, process performance and service delivery, using, for example balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting” [Krey, 2010]

overall process of risk identification, risk analysis and risk evaluation [ISO 31000:2009]

evaluating current status of the auditable subject according to reported heatmaps

(Key Performance Indicators) – measuring organization/IT/department performance using its agreed KPIs

„systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled“ [ISO 19600:2014]

„The governing body, management and the compliance function should ensure that they are effectively informed on the performance of the organization’s compliance management system and of its continuing adequacy, including all relevant noncompliances, in a timely manner..“ [ISO 19600:2014]