


Compliance Management Tool - Ernst&Young
This project was undertaken during my 6-week summer internship at Ernst & Young.
Introduction
As the threat to data increases day by day, organizations also have to be increasingly cautious about the regulations that governments make in order to protect intellectual property rights and concerns.






Context
Organizations in India as well as abroad, no matter their size, manage their compliances using physical methods or Excel sheets. Due to the presence of multiple compliances in one project and their complex nature, a dedicated person/team is set to manage them.
What is Compliance?
Compliance is the act of following rules, standards, or laws set by authorities or governing bodies. It ensures that an organization’s practices meet required obligations.
For example, Indian companies must comply with the Companies Act, 2013 and GST rules, and UAE organizations that manage critical digital infrastructure must comply with the UAE Information Assurance (IA) Standard for cybersecurity.









The Challenge
How might I create a platform that not only is safe and reliable but allows multiple hierarchical stakeholders to add, manage or modify compliances, and also create assessments to check and mitigate audit risks?
My Process
My process was a total of 6 weeks, from understanding the domain to creating the prototype.
During these 6 weeks, I was also tasked with many other small assignments, but by managing my time efficiently, I was able to give this project the majority of the time.
I followed the Design Process from discovering the sector and problems by collaborating with senior consultants, to understanding users through primary and secondary research and finally ideating and presenting the solution to Directors & Partners at EY.
Competitive Analysis
For me to achieve the above goal, I studied the current market, what are the existing platforms free & paid that are available for organizations?
I looked at user flows, how they are positioned, how can I leverage their strengths in my product while also keeping our product specific to the client and user needs.



Primary Research & User Interviews
I conducted 4 remote and 2 in-person stakeholder interviews, in collaboration with management consultants, to understand the user/client needs, behaviours, motivations, and pain points among various age groups, proficiency levels, and role in the organisation.
Compliance Roles & Responsibilities – nature of each stakeholder’s function, frequency of engagement with compliance activities, and decision-making authority within the organization.
Existing Compliance Workflows – current methods used to manage standards, frameworks, and evidence (spreadsheets, emails, shared drives), and the steps followed during assessments and audits.
Pain Points & Operational Challenges – difficulties in tracking updates, mapping controls, managing approvals, collecting evidence, and maintaining consistency across multiple standards.
Digital Proficiency & Interaction Patterns – comfort levels with digital tools, preferred modes of communication, navigation habits, and expectations from enterprise platforms.
Information Access & Visibility Needs – requirements for dashboards, audit trails, ownership clarity, and cross-team collaboration to support transparency and monitoring.
Findings



Information Architecture & Initial Wireframes
I started with low-fidelity wireframes, tried various layouts and navigations, explored main features such as compliance assessment, compliance management.
In this process, I received constructive feedback from various senior technical consultants, which broadened my purview and further motivated me to do better with each iteration.






Solution & Final Screens
The final solution is a desktop-only platform, with different flows and access for different stakeholders according to their level in the organisation.
Considering the project's limited time, I was not only able to finish the v1 of the prototype but also, by collaborating with developers, was able to send it into launch.
Briefly, the platform comes pre-loaded with all official compliances; one can change/modify them also. Alongside, one can track a project at every step with applicable compliances and create and manage assessments to prevent audit risks.
COMPLIANCE MANAGEMENT SCREENS
*details and images have been replaced with default text due to NDA









This flow shows how you can manage an existing compliance, edit versions and even sub-sections and intricacies in versions. Visible preview shows the changes in the compliance document also.
COMPLIANCE ASSESSMENT SCREENS
*details and images have been replaced with default text due to NDA









This flow shows how you can create an assessment, select the sub-section controls you want to add to the assessment, and upload the documentation/project documents; it will automatically check and give you a compliance score.
Learnings & Future Scope
This project timeline focused on understanding the compliance ecosystem and translating stakeholder insights into a structured, user-centric design flow for CCPM within the 6-week internship duration.
Looking ahead, future testing could include reduction in manual compliance effort, time taken to complete assessments, accuracy of automated control extraction, and user confidence in audit readiness.
Designing for Complexity, Delivering Simplicity – Working on a domain-heavy product like compliance taught me how to simplify a complex ecosystem of regulations, controls, and workflows into intuitive screens and guided journeys without diluting its depth.
Systems Thinking & Information Architecture – I learned how to structure multi-layered frameworks, hierarchies, and versioned entities while ensuring users always know where they are and what action to take next.
Cross-Functional Collaboration – Partnering with management consultants and developers refined my ability to translate business logic and regulatory language into scalable product flows and user-centric interfaces.
Owning Ambiguity – Not everything was defined—standards evolve, requirements shift. I grew comfortable asking better questions, validating assumptions, and proactively shaping incomplete requirements into workable design decisions.
Designing for Enterprise Behaviour – Understanding the motivations and behaviours of users across age groups, roles, and technical proficiency levels helped me incorporate guidance, approvals, and clarity where enterprise friction usually peaks.