It comes as no surprise that compliance requirements are expected to multiply over the next few years across many industries. But the question I get asked most often is how a business can continue to meet increasing compliance requirements without hampering its operational excellence and innovation.
Well, more and more businesses are now taking a strategic approach to compliance, making it risk-based and benefits-driven. "Check box" compliance has proven to be an unreliable and costly way to meet audit and regulatory requirements. Risk assessment and the rationalization of controls across multiple regulations continue to be the most effective way of reducing the compliance burden. We need to keep in mind that in 2008, according to GMG Insights (GMG Global IT Compliance Report 2009), large organizations in Europe had to monitor 48 separate regulations on average, so eliminating redundancies is a critical requirement.
Also, too many businesses continue to tackle their regulatory requirements at the business unit level, which creates a series of ‘compliance silos’ across the business. At the same time, many businesses also treat compliance and risk management as silos of responsibility, supported by costly, reactive point solutions. In these cases, the business efficiency and value benefits of a comprehensive compliance and risk management program are lost.
Instead, the organisation should manage its compliance needs according to risk priorities. Critical risk areas should be addressed by a set of corporate policies that make it easier to respond to all related regulatory requirements, rather than by creating a separate solution for each regulatory requirement.
According to a survey (GRC Strategy Survey 2007) conducted by the Open Compliance and Ethics Group (OCEG), 65% of respondents reported serious business problems caused by inconsistent or redundant compliance and risk management processes. Moreover, 71% of respondents who integrated their compliance and risk management activities met or exceeded their expectations.
Here’s a CA paper with more thoughts on continuous compliance.
Anyone out there with their own experiences/thoughts?