Complying with laws and regulations is an increasing burden for organizations, from the board of directors down to the trenches of business. Over the past ten years, regulatory compliance has had a significant and growing impact on the IT department specifically. In a nutshell: business is complex and global, and the demand upon IT to comply with an array of laws and regulations is requiring IT to change and adapt. The compliance challenges burdening IT are legion; this has put IT in the awkward position of reacting to regulations when it should be proactively managing IT controls and risk. A reactive approach to IT compliance is a recipe for disaster: it leads to escalating compliance costs, a lack of visibility into the control environment as a whole, wasted or inefficient use of resources, unnecessary complexity, a lack of flexibility, and vulnerability and exposure. A proactive approach to compliance means seeing the big picture. Whereas the reactive approach leads to greater exposure, complexity, and higher compliance costs, a proactive approach leads to a stronger IT department with reduced risk of exposure and efficient use of resources.