8 ways to ... ensure comprehensive compliance.
Author: Bartram, Peter
Position: Dialogue with Richard Hibbert - Interview
Too many executives regard compliance management as an unwelcome overhead until something goes wrong. Encouraging them to treat the process as a way to improve working practices, rather than as a box-ticking exercise, should improve how it's perceived, according to Richard Hibbert, CEO of SureCloud, a provider of governance, risk and compliance software.
[1] Make compliance a 'business as usual' activity
"A continuous approach to compliance management can deliver far more value to an organisation than a series of retrospective assessments would," says Hibbert, who cautions against relegating it to an annual activity. It should be part of the normal day-to-day routine in which activities are reviewed alongside other tasks.
"Continuous compliance is more efficient in terms of process and it also yields higher and more stable levels of compliance. Organisations will be more secure and less likely to be breached as a result," he says, adding that firms wishing to adopt the business-as-usual approach to compliance needn't find the switch a complex one.
[2] Adopt a structured approach
Regulatory projects are different from others because they are not usually optional, observes Brian Ford, associate director at LOC Consulting. He advises companies to adopt the following three-step process.
First, you need to understand the scope and timing of the relevant regulations. Look at the implications for your organisation and determine which parts of it may be affected by these. Second, conduct a gap analysis to determine what further action you need to take to ensure that you are fully compliant. Prioritise the changes you need to make into a tailored to-do list, along with timings, that can be presented as a business case and high-level budget for review by senior executives. Third, implement the plan.
"This includes project initiation and approval; planning and resourcing; stakeholder management; training, development and testing; and the all-important transition management and implementation," Ford says.
[3] Understand why things go wrong
The firms that get caught out time and time again by regulators are those that apply sticking plasters to symptoms of non-compliance instead of finding the root causes. Compliance teams need to work with managers to identify potential behavioural problems that may result in misconduct, according to Ronnie Kann, managing director of CEB, a member-based business advisory company.
"In addition to flagging behavioural...
COPYRIGHT GALE, Cengage Learning. All rights reserved.