The Situation

You want to enhance your company’s ineffective processes and sway peers away from using spreadsheets and cross-walking and towards efficiently gathering the evidence you need to actually prove compliance.

Historically, everyone including Unified Compliance started out with spreadsheets with columns of regulations, best practices, and frameworks. The Unified Compliance team has lots of information on why cross-walking is a poor use of smart people time. You already know this. But how do you convince your team?

Here's How To Get There

Request a sample build

A build is a collection of customized spreadsheets generated on your request. The contents of a build are based on the Authority Document List you select, and the Common Controls related to it. The sample build contains files that represent a very small subset of what you would receive if you created your own custom set of Common Controls with the Common Controls Hub. Just email with your sample build request.


Position the build as a research or support tool to augment your cross-walking

Show your colleagues that audit fatigue could be lessened by harmonizing compliance controls automatically instead of defending the same controls over and over again with manual cross-walking. Whether you call it unifying, harmonizing, or cross-walking — the idea is the same; comply once and attest to compliance for multiple regulatory guidelines.

Show them that when that evidence collection process is automated across multiple regulations, frameworks, standards, best practices and policies, with metadata to assert the methodology, while improving efficiency and accuracy and cutting everyone’s workload in half—then, you will be truly upping your organization’s compliance game.

Demonstrate how you can validate and improve your alignment between Authority Documents

Mapping Your Internal Controls

The most frequent use case for the CCH (and the underlying Unified Compliance Framework) is compliance gap identification and closure. Most organizations have an internal control framework to address all of their compliance requirements. By mapping in your control framework with either the UCF Mapper or Unified Compliance Professional Services, you can complete a quantitative analysis to identify and close gaps.

Here is an overview of the required steps:

Workflow for Improved/Increased Compliance

Once your controls are mapped to the Common Controls, it is available privately to your organization. The most common use case is gap identification and prioritization. The steps are as follows:

  1. Generate a Build
  2. Rank Importance of Each Authority Document
  3. Rank Impact Zones
  4. Tally Score for High, Medium, Low

Results: Based on the ranking and number of citation references, each Common Control will get a score of importance.

The criteria is based on the following for both Step 2 and 3:

  1. Previous Failure or High Potential for Failure
  2. High Impact if Failure – $$$, Non-Compliance, Brand
  3. Cost of Business Requirement
  4. Board or Legal Requirement

In your analysis, you will use the Build spreadsheet of Controls with all the Citations References from your controls and Authority Documents within your scope. You will also use the documents themselves and the associated Authority Document In-Depth reports that have the color-coded tagged mandates. These will have the Citation content associated with the Citation References.

Once the Common Controls are ranked, you can set your priorities. You will leverage the Common Control child, parent, and sibling relationships to determine how large the gap is. A covered sibling may be similar enough to close the gap. A covered parent may mean the gap is being carried out but not documented. Finally, a covered child will mean only a partial gap for a parent Common Control.

The final opportunity to close gaps is when there is more than one of your controls mapped to a single Common Control. You move your other control to a gap Common Control. Now, you have addressed two Common Controls.

Tout the benefits

  • You are out of the business of mapping and into the business of validation.
  • You have a trusted resource to support your efforts (the fact that Unified Compliance has been awarded almost 20 patents in recognition of the uniqueness of what we do—and we’ve been doing this for about 20 years).
  • If you want to map something not found at the CCH, you can learn how to do it yourself with the UCF Mapper Training Course.

Share the credit with your team members!

Do a presentation on how the team is improving your time to map and the quality of your mapping.

As always, feel free to reach out to us on any Unified Compliance topic or better yet – how about a demo?

Show Them A Demo