IT executives must develop procedures for evaluating regulatory requirements, based on the risk tolerance profile of the enterprise and a thorough understanding of the costs and consequences of noncompliance. IT executives should take an active role in evaluating the impact of new regulations by participating on cross-functional teams to review new requirements. The nature of the regulation (governance, privacy, security, etc.) and its associated risk will dictate the appropriate composition of such a team. IT execs should include a formal risk assessment process when evaluating compliance efforts.”]
Source: https://www.csoonline.com/article/2117943/of-risk-and-regulations.html