Risk & Control Frameworks

Frameworks for your industry, risk, or regulatory area.

Get your content suite now

Contact us now for a no obligation review of how content suites can accelerate your ACL experience

Ensure regulatory compliance. Track key control performance. Mitigate strategic risk.

Whether you work in government, higher education, banking and lending, IT, finance, or commercial business, you can quickly and easily apply industry best practices to assure control effectiveness.

We’ve compiled these ready-to-use risk and control matrices to help you identify and implement the frameworks that matter most to your business. This allows you to spot and address strategic risks that could prevent you from meeting your objectives.

Risk & Control Frameworks by Content Suite

Banking & Lending

ACL’s content helps increase the value you bring to your organization by providing a lens on emerging risk while staying on top of the latest regulatory requirements. It’s a platform for you to intelligently manage and execute on your strategic agenda. No matter if you’re a bank or credit union, we’ve curated content toolkits to facilitate cross-collaboration between your three lines of defense. In no time, they’ll be speaking one common language and using a common taxonomy.

  • Last updated December 7, 2018

    Risk & Control Framework: ready-to-use risk and control guidance for the OCC Supervised Banking Risk Assessment.
  • Last updated May 15, 2018

    Risk & Control Framework: ready-to-use risk and control guidance for the CFPB Electronic Funds Transfer Act (EFTA) 2013.
  • Last updated October 30, 2018

    Risk & Control Framework: ready-to-use risk and control guidance for Debt Collection (CFPB 2012).
  • Last updated February 8, 2018

    Compliance Map: embedded content to simplify management of compliance obligations for the FDIC Equal Credit Opportunity Act Examination Checklist (2015).
  • Last updated February 8, 2018

    Compliance Map: embedded content to simplify management of compliance obligations for the FDIC Gramm-Leach-Bliley (GLBA) Examination Checklist (2016).
  • Last updated February 8, 2018

    Compliance Map: embedded content to simplify management of compliance obligations for the FDIC Home Mortgage Disclosure Examination Checklist (2015).
  • Last updated May 1, 2018

    Risk & Control Framework: ready-to-use risk and control guidance for the FDIC Servicemember Civil Relief Act (SCRA) 2016 .
  • Last updated October 30, 2018

    Risk & Control Framework: ready-to-use risk and control guidance for the Flood Disaster Protection Act (OCC 2017).
  • Last updated October 30, 2018

    Risk & Control Framework: ready-to-use risk and control guidance for the Homeowners Protection Act (FDIC 2015).
  • Last updated October 30, 2018

    Risk & Control Framework: ready-to-use risk and control guidance for the Interagency Fair Lending (FFIEC 2009).
  • Last updated November 13, 2018

    Risk & Control Framework: ready-to-use risk and control guidance for the Interagency Truth in Lending Act (CFPB 2018).
  • Last updated October 30, 2018

    Risk & Control Framework: ready-to-use risk and control guidance for the Interagency Truth in Savings Act (CFPB 2012).
  • Last updated October 30, 2018

    Risk & Control Framework: ready-to-use risk and control guidance for the Military Lending Act (CFPB 2016).
  • Last updated October 30, 2018

    Risk & Control Framework: ready-to-use risk and control guidance for the Mortgage Origination (CFPB 2015).
  • Last updated October 30, 2018

    Risk & Control Framework: ready-to-use risk and control guidance for the S.A.F.E Act (CFPB 2012).
Learn more about this content suite

Governments & Higher Education

As a GRC professional, you’re constantly challenged to do more with less. Whether you’re assuring regulatory compliance, managing your organization's evolving risk landscape or protecting against fraud, waste and abuse, we can help. Drawing on decades of experience working with hundreds of governments and educational institutions, ACL is positioned to help you achieve your GRC goals. The toolkits below include an integrated library of standards and regulations and resources to help make your job easier.

  • Last updated February 8, 2018

    Compliance Map: embedded content to simplify management of compliance obligations for the AGA® Subrecipient Risk Assessment Monitoring Tool 2009.
  • Project Templates: ready-to-use project templates to help you set up your GAGAS compliance management projects faster.
  • Project Templates: ready-to-use project templates to help you set up your GAGAS compliance management projects faster.
  • Project Templates: ready-to-use project templates to help you set up your GAGAS compliance management projects faster.
Learn more about this content suite

IT Governance

Compliance with multiple IT standards, regulatory requirements, and internal policies can be daunting. But it doesn’t have to be—automate your IT risk and compliance program using ACL's growing, evergreen collection of regulatory and compliance content. Increase assurance over IT general controls, data privacy, and cybersecurity using our integrated content to monitor compliance programs by mapping IT regulations and standards against common control frameworks. Pre-built analytics help you quickly determine high-risk activities related to unauthorized access. ACL makes it easy for you to minimize risk exposure and collaborate with your front line.

  • Last updated July 18, 2018

    Risk & Control Framework: ready-to-use risk and control guidance for the CSA Cloud Controls Matrix (Version 3.0.1) 2016 .
  • Last updated July 18, 2018

    Risk & Control Framework: ready-to-use risk and control guidance for the ISACA Data Protection Impact Assessment 2017 to assist your organization in implementing effective controls for GDPR and emerging data privacy laws.
  • Last updated October 23, 2018

    The ISO/IEC 27002:2013 Information Technology Framework includes the controls and activities for IT and audit professionals to assess their organization's progress towards implementing the framework.
  • Last updated February 8, 2018

    Compliance Map: embedded content to simplify management of compliance obligations for NIST SP 800-66 Implementing HIPAA Security Rule Revision 1.
Learn more about this content suite

Subscription Value

It’s a challenge to understand where risk may exist in material processes across your organization. With literally hundreds of frameworks and even more requirements, where do you even begin to determine the most recent industry framework to use and the most effective controls to implement to illuminate your risks? What you need is a simple way to apply best practice analytics or implement common industry frameworks (i.e., COSO, COBIT).

With ACL’s Subscription Value Suite, we can help you get off the ground faster. Draw on the experience of ACL and our vast community of users to leverage proven tools and industry-rich knowledge you won’t find anywhere else. Find ready-to-use regulatory standards and frameworks, pre-built analytic scripts and more. There’s no easier path to helping your organization instantly drive performance and make the right strategic decisions.

  • ACL project templates are pre-built projects that serve as starting points for building projects. As every project is different, additional customization may be required.
  • Last updated November 19, 2018

    Risk & Control Framework: Select your internal control framework for your SOX 404 compliance from a trusted source. ACL’s embedded SOX content includes the ready-to-use framework from COSO, adopted by the majority of US publicly traded companies, to help you easily assess and report on the design and operating effectiveness of your internal controls.
  • Last updated November 15, 2018

    Risk & Control Framework: Reduce compliance efforts for your SOX compliance program with ACL’s embedded SOX ITGC framework. Easily identify the exact scope and extent of testing for SOX ITGC to be performed and quickly demonstrate compliance with each general control process area.
Learn more about this content suite

Not what you were looking for? Explore more content types

Strategic Risk Libraries

  • Enterprise Risk Libraries
  • Financial Services - Banks & Lending Enterprise Risk Library
  • Healthcare - Providers Enterprise Risk Library
  • And more

Standards & Regulations

  • AICPA Trust Security Criteria 2016 - SSAE 16/18 SOC 2
  • AICPA Trust Security Criteria 2017 - SSAE 16/18 SOC 2
  • Availability of Funds and Collection of Checks - 12 CFR 229 (FRB Regulation CC)
  • And more

Analysis Apps

  • ACH Data Import and Preparation Scripts
  • ACL Academy Online Training
  • ACL Essentials - Accounts Payable
  • And more