Which of the following is MOST appropriate method to evaluate the potential impact of legal,
regulatory, and contractual requirements on business objectives?
A.
Communication with business process stakeholders
B.
Compliance-oriented business impact analysis
C.
Compliance-oriented gap analysis
D.
Mapping of compliance requirements to policies and procedures
Explanation:
A compliance-oriented BIA will identify all the compliance requirements to which the enterprise has
to align and their impacts on business objectives and activities. It is a discovery process meant to
uncover the inner workings of any process. Hence it will also evaluate the potential impact of legal,
regulatory, and contractual requirements on business objectives.
Answer D is incorrect. Mapping of compliance requirements to policies and procedures will
identify only the way the compliance is achieved but not the business impact.
Answer A is incorrect. Communication with business process stakeholders is done so as to
identify the business objectives, but it does not help in identifying impacts.
Answer C is incorrect. Compliance-oriented gap analysis will only identify the gaps in compliance
to current requirements and will not identify impacts to business objectives.