Get a health check
Perhaps it’s because compliance was imposed by outsiders and is a pain to do that it got off to such a bad start. The very mention of the word elicits groans from everyone but card‐carrying auditor types, yet compliance can deliver big paybacks if approached the right way. In this series we explore how:
• To use compliance to stress‐test your organisation’s health;
• Compliance can help you identify risk areas;
• A gram of prevention beats a kilo of cure;
• Compliance delivers bottom line benefits; and
• It’s not difficult to realise them.
Compliance is the systematic measurement of how your processes and procedures conform with your policies and objectives. It underpins management and is the cornerstone of quality improvement, and yet gripes usually range from ‘what’s the minimum I can get away with’ to ‘isn’t it cheaper to pay the fine?’
Fines can be sizable, as Zurich Insurance discovered in 2010 when the UK’s Financial Services Authority fined the company £2,750,000 for ‘failing to take reasonable care to ensure it had effective systems and controls to manage the risks relating to the enterprise security of customer data.’ This followed the loss of data from some 46,000 policyholders (Financial Services Authority, Aug 24, 2010).
A recent Ponemon Institute study of 46 global firms found that meeting compliance cost them $3.5 million, yet non-compliance cost $9.4 million when business disruption, productivity loss, revenue loss and fines were taken into account (Noncompliance Much More Costly Than Compliance; Dark Reading Jan 31, 2011).
So it’s probably worth another look. How you view compliance may depend on whether you focus on process or outcome. That is, if you have to do it anyway, you might as well get the maximum benefit. It’s just like getting fit: the process is tedious but the benefits make it more than worth the effort. Regardless of your industry, the health benefits of compliance to your organisation are impressive, and include the ability to:
• Measure operational performance against policies and objectives;
• Confirm that policies and processes meet the objectives of stakeholders;
• Demonstrate sound risk control by operating within policies and procedures;
• Improve productivity and costs by reducing the gap between target and actual; and
• Test your processes and procedures for adaptation to future challenges.
The Global Financial Crisis (GFC) demonstrated with crushing effect what can happen when compliance processes fail or obligations are taken lightly. ‘If they did not know it before the crisis,’ says a report from the Economist’s Intelligence Unit, ‘companies are now acutely aware that … a box‐ticking approach to the management of strategic risks is, in a post‐crisis environment, more likely than ever to lead to corporate ruin’ (Beyond box-ticking - A new era for risk governance; Economist Intelligence Unit Report).