The first course of action when assessing the impact of a new regulatory requirement is to map the regulation to business processes. This means identifying and analyzing which business processes are affected by the new regulation, how they are affected, and what changes are needed to comply with the regulation1. Mapping the regulation to business processes helps to understand the scope, complexity, and priority of the regulatory compliance project, and to align the IT and business objectives and strategies1. It also helps to identify the stakeholders, roles, responsibilities, and risks involved in the compliance process, and to communicate and coordinate with them effectively1. The other options are not as important as mapping the regulation to business processes, as they are dependent on the outcome of this step. Updatingaffected IT policies, assessing the budget impact of the new regulation, and implementing new regulatory requirements are subsequent steps that should be done after mapping the regulation to business processes2. References: How to Map Regulations to Business Processes. CGEIT Certification | Certified in Governance of Enterprise IT | ISACA.