Impact assessments for the regulatory alerts

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • A regulatory event alert may result in a regulatory change to an organization. You can evaluate the impact of the regulatory change on your organization by performing impact assessments.

    Regulatory updates are frequent and come from various sources. These updates often involve a high volume of complex information that the regulatory domain experts must address. The first task for a regulatory change manager is to interpret the update and determine its implications for the business. This involves identifying affected policies, controls, or citations, and specific regulatory references or requirements.

    Types of impact assessments

    The impact assessment process is used as a reporting tool for evaluating the impact of a proposed regulatory change. For a given regulatory event alert, the assigned user triggers an impact assessment to a subject matter expert who is an expert in a certain regulatory area. The expert then performs an impact assessment on the regulatory event alert. Impact assessments are of the following types.
    • Risk assessment: This process traditionally uses a risk-based approach to prioritize and manage the impact of the regulatory updates. This approach helps experts focus on the entities most likely to be affected. The findings and responses generated from this risk assessment process are gathered and documented systematically. This ensures that your organization can track compliance actions, and mitigate risks. Refer to Respond to a regulatory alert risk assessment to understand how to respond to a risk assessment.
    • Regulatory assessment: This assessment utilizes the Smart Assessment Engine to perform smart assessments on regulatory alerts. In this assessment you can customize your impact assessment process by creating your own assessment questionnaire templates. For example, if your organization deals with regulations like the Digital Operational Resilience Act (DORA) or the European Union AI Act, you can design assessment templates focused solely on the aspects and obligations of these regulations. To learn more about a regulatory assessment, refer to Regulatory assessment for a regulatory alert. For more information about Smart Assessment Engine, refer to Smart Assessment Engine.
    Note:
    For more information on how to initiate either of these assessments, refer to Assess the impact of a regulatory alert.