Laws continue to be enacted, and the regulatory environment has become more complex due to unacceptable conduct remediation. Consequently, entities continue to be compelled to demonstrate compliance with legal mandates through documented assurance assessments.

As for relegated/delegated responsibility to ensure organizational software licensing compliance, management is still accountable when intellectual property rights are violated. If the safeguarding responsibility is assigned to an ineffective and/or inefficient unit within an organization, IT audit should recommend an alternative arrangement after the risks are substantiated.

Every company has the type of compliance program it wants. The deciders decide on how to allocate resources and position their chief compliance officer, and the result reflects their priorities.

That's part of what we have to determine. Were they in compliance with the regulations? Was the system functioning?

There are no laws or regulations that would prevent that.

The Chief Compliance Officer reporting to the General Counsel can work great, until it doesn't.