A new report has revealed that ‘compliance fatigue’ among organizations is becoming commonplace.
Surprisingly, compliance is not a board-level issue for all organizations. This may be because the issue has faced both private and public sector organizations for many years, and therefore has dropped off many CEOs’ radars.
However, as would seem obvious when one considers the implications of not being compliant, responsibility for the issue should remain at the highest level. There are many companies without an IT compliance plan and practices, particularly those that are unsure about which pieces of legislation and regulations apply to them.
Organizations that have responded to compliance requirements tend to fall into heavily regulated environments – e.g. financial services and the public sector – and have adopted a traditionally ‘siloed’ approach to compliance. Effectively, each regulation or requirement has been addressed in turn.
However, holistic compliance management – the centralizing of compliance across all of an organization’s compliance needs – has come to the fore recently, in a desire to move away from siloed compliance management.
A new Business Insights report on the matter notes that the costs of operating compliance on an individual basis are increasing, and these are soon expected to surpass the costs of holistic compliance. Once this happens, organizations are likely to adopt a process-driven approach to how information is managed, and how compliance practices are planned and executed. This will be formalized in terms of the sequence of tasks, and information and documentation requirements and outcomes, to ensure compliance requirements are addressed in an integrated and systematic way.
The key objectives suggested by Business Insights, when looking at a holistic approach, are that compliance objectives must be established; the organization must have a compliance culture; best practice policies and a compliance architecture must be in place; appropriate technology solutions must be selected; and key metrics must be identified. All of these can only be achieved if the compliance issue is driven from board level.
Legislative and regulatory compliance should be an enterprise endeavor, considered at board level for an organization-wide response. Organizations that do not have compliance driven from this level are putting themselves at risk.