
        How to Do a Gap Analysis for New Business Ventures

        Published February 21, 2023 • By Nick Brown, Technical Product Manager • Blog

        Do you have visibility into the risk of your strategic business priorities?

        If not, a gap analysis can give you a clearer picture. In fact, as we underscored in our recent webinar, “5 Essential Steps to Meet Your Escalating Duty of Care,” identifying and mitigating the risks associated with new initiatives is vital to meeting regulations and avoiding penalties.

        How can you perform a gap analysis for your company’s new ventures? Start with these 3 steps.


        Step 1: Pinpoint Your Strategic Priorities

        You know what’s hard to figure out the risk of? Something you don’t know about or haven’t identified. That’s why the first step to doing a gap analysis is pinpointing your strategic priorities, so you can determine the risk posture for them.

        They can take many forms: increasing revenue by releasing a new product, moving into a new geographic region or expanding inorganically by buying or merging with another company.

        Once these strategic priorities are identified, they need to be communicated in such a way that the entire organization aligns around them. It’s all well and good if senior management knows that the company is going to be buying competitor XYZ; however, if that information doesn’t get to the risk management team before the acquisition, then it’s impossible for them to prepare or report accurate risk information that may be critical for the board of directors to know.

        OK, so the company has identified some strategic priorities, and they’ve been communicated out. Now comes the time to perform a gap analysis.

        Step 2: Perform a Gap Analysis

        How do you do a gap analysis? In a scenario like this – where the goal is to identify the risk around a particular business priority – we’re looking to assess the gaps between what we currently do from a regulatory/compliance perspective, and what we’ll need to do in the future to meet this strategic goal.

        Let’s take the example of expanding into a new region. If we’re entering the European market for the first time, we may need to start worrying about GDPR.

        Or, if we’re buying another organization, we should check if their market has specific regulatory requirements we’re not already meeting. For instance, will we have dipped our toes into the financial sector or suddenly acquired government contracts with entities we haven’t dealt with before?

        Applying the controls and evidence you have to the new requirements will show where there are things that you may not be covering effectively. In other words, the gaps.

        In the Reciprocity ROAR platform, this can be as easy as creating a new Cyber Assurance Program for the strategic priority with the necessary frameworks, or adding a framework or two to an existing program.

        Step 3: Implement Controls for Risky Priorities

        Now that you have an idea of what your compliance/hardening posture might be, you can see what that will do to your risk posture. As I expect most readers know, controls that are in place reduce your inherent risk, leaving some amount of residual risk even after mitigation.

        However, ineffective controls do nothing to reduce your residual risk. This is why identifying ineffective controls is a necessary step in determining what your risk posture is. And since there may be new requirements for a strategic priority, there may need to be new controls as well, or modifications to existing controls. Seeing those gaps in the gap analysis allows you to accurately take them into account in your risk assessment.

        This is what we mean when we talk about getting early visibility into the risk of your strategic business priorities. You’ve identified the priorities, performed a gap analysis and used what you learned in the gap analysis to influence your risk assessments. You’re now prepared to go have an informed and frank conversation about the risk associated with that business priority.

        Close Your Gaps – FASTER

        What’s the quickest way to close the gaps your company’s strategic initiatives create?

        Automate your gap analysis!

        Gain the insights you need to drive business decisions with the Reciprocity ROAR platform. Sign up for your FREE demo today – so you can take your company further tomorrow (with LESS risk).
