8 ways to ... ensure comprehensive compliance.

Author: Bartram, Peter
Position: Dialogue with Richard Hibbert - Interview

Too many executives regard compliance management as an unwelcome overhead until something goes wrong. Encouraging them to treat the process as a way to improve working practices, rather than as a box-ticking exercise, should improve how it's perceived, according to Richard Hibbert, CEO of SureCloud, a provider of governance, risk and compliance software.

[1] Make compliance a 'business as usual' activity

"A continuous approach to compliance management can deliver far more value to an organisation than a series of retrospective assessments would," says Hibbert, who cautions against relegating it to an annual activity. It should be part of the normal day-to-day routine in which activities are reviewed alongside other tasks.

"Continuous compliance is more efficient in terms of process and it also yields higher and more stable levels of compliance. Organisations will be more secure and less likely to be breached as a result," he says, adding that firms wishing to adopt the business-as-usual approach to compliance needn't find the switch a complex one.

[2] Adopt a structured approach

Regulatory projects are different from others because they are not usually optional, observes Brian Ford, associate director at LOC Consulting. He advises companies to adopt the following three-step process.

First, you need to understand the scope and timing of the relevant regulations. Look at the implications for your organisation and determine which parts of it may be affected by these. Second, conduct a gap analysis to determine what further action you need to take to ensure that you are fully compliant. Prioritise the changes you need to make into a tailored to-do list, along with timings, that can be presented as a business case and high-level budget for review by senior executives. Third, implement the plan.

"This includes project initiation and approval; planning and resourcing; stakeholder management; training, development and testing; and the all-important transition management and implementation," Ford says.

[3] Understand why things go wrong

The firms that get caught out time and time again by regulators are those that apply sticking plasters to symptoms of non-compliance instead of finding the root causes. Compliance teams need to work with managers to identify potential behavioural problems that may result in misconduct, according to Ronnie Kann, managing director of CEB, a member-based business advisory company.

"In addition to flagging behavioural...
