You are an information system auditor of HDA Inc. You are auditing and have been tasked with evaluating the organization's level of exposure in a country where a new regulation restricts cross-border transfer of personal data. What would provide the most valuable assistance in conducting this assessment?