Under which circumstances should an enterprise consider the implementation of a strong compliance function as part of their governance system?

Under which circumstances should an enterprise consider the implementation of a strong compliance function as part of their governance system?
A . When the enterprise is subject to substantially higher than average compliance regulations because itis operating in a heavily regulated industry sector
B . Under all circumstances, because every enterprise is subject to compliance regulations
C . When the enterprise is operating in a high-threat landscape because of its geopolitical situation
D . When the enterprise has a strict set of policies and procedures in place

Answer: A

Explanation:

An enterprise should consider the implementation of a strong compliance function as part of their governance system when it is subject to substantially higher than average compliance regulations because it is operating in a heavily regulated industry sector.

In COBIT 2019, the need for a strong compliance function is influenced by the regulatory environment in which the enterprise operates. Enterprises in heavily regulated industries face stringent compliance requirements and significant consequences for non-compliance. Therefore, a robust compliance function is essential to ensure adherence to regulations and to mitigate compliance-related risks.

COBIT 2019 Framework

Reference: COBIT 2019 Framework: Introduction and Methodology, Chapter 5: Discusses the importance of compliance requirements as a design factor in tailoring the governance system.

COBIT 2019 Design Guide, Chapter 2: Highlights the role of compliance and assurance capabilities in highly regulated industries.

Implementing a strong compliance function in such scenarios helps the enterprise manage regulatory risks, maintain compliance, and avoid legal and financial penalties.