Recommendation engine for risk and compliance mapping
A recommendation engine is a system that suggests products, services, and information to users based on data analysis. A recommendation engine boosts revenues and other essential metrics.
Recommendations derive from various factors, such as the history of the user and the behavior of similar users. A video-sharing website is one example: based on your viewing history and preferences, the website recommends videos. Some recommendation engines are rule-based. Risk and compliance mapping in GRC uses a rule-based recommendation engine.
When using the recommendation engine, the risk manager has to map the information objects to their risk statements, citations, and policies. The key features of the recommendation engine are the following:
- Uses the concept of information objects to recommend the risks and compliances.
- Matches the business applications with the risk and compliance libraries by comparing the information objects of the libraries.
- Allows IT risk managers to define and map risk and compliance libraries based on the information that is contained within the application.
- Reduces the time spent on mapping the risk and compliance libraries.
- Reduces the overall time it takes to scope the right applications and assets that must be audited for a particular type of audit.