Why we need it and what it takes..
Risks have always been part of every aspect of life and business too. If handled with preparedness, preemptive approach, it can open many new doors of opportunities.
While many companies work hard around audit time to ensure they can report compliance for the audit period and advertise strength of their risk framework, only to fall in unknown, uncontrolled territory post the audit; others believe in building a more comprehensive approach and build a compliance culture.
Often, Compliance Management is confused with ticking the boxes of checklist, fancy presentations with jazzy dashboards for the board. While in its true sense, it needs a stronger commitment to inherit a Compliance Culture that motivates every stakeholder to be self driven and get aligned to organisation’s Risk objectives. While we effectively manage the existing risks, we also need to be aware of the new risks that keep emerging in today’s dynamic world and explore designing processes around them.
Organisations need to believe, accept & practise integration of compliance as a key component of their culture. Contrary to many who treat this as an expense, it brings many long lasting impacts on the success of business, let’s analyse:
Commitment from the leadership team drives behavioural changes. Executives need to define and own the risk management process, emphasise significance strict adherence on compliance regularly during leadership meetings, internal policies, principles, SOPs and commit personal time for functional reviews, process enhancements. The tolerance levels should be set on top & adhered is spirit.
The team follow the footsteps of their leader. On the off chance that the managers pay attention to compliance, the workers are unquestionably bound to pay attention to it. If they don't, the workers won't. It's as simple as that.
The compliance has to be done by someone on the lowest level, but the impact of non compliance is on the top. So everyone’s trying to educate themselves through various available sources viz, newsletters, seminars, online search, legal opinions, etc. Many a time, the source of information and understanding of obligations at various levels within organisation differs. It often leads to everyone believing their source is better and fall under cracks.
Remember, while trying to reach same destination; we all need to follow same map.
While everyone hates review and audits, implementing a strong review mechanism is essential to identify mistake & take corrective actions timely; it works as an additional layer of defence.
In one of the most successful transformation of Compliance culture I witnessed in my career was with a Pharma company that included Compliance Management as part of their team’s annual KPI’s. Taking it further, they started announcing compliance champions every month. Champions names were displayed on the board for the month and they used to get a cash reward and a certificate.It worked wonders for them and within months, the compliance adherence increased multi folds.
The leadership believed that while the impact of non compliance rests on the top, it has to be executed across levels and everyone needs to be in aligned.
In VUCA world, nothing is predictable and constant. Covid-19 has only fuelled the vulnerabilities at each level; employee movements, attrition rates and pace of changes in Regulatory environment have increased at an unprecedented rates.
Investments in processes and knowledge created can be cashed if they are systematically stacked for replication and future reference; it’s only possible with help of technology.
With advancement of technology, compliance solutions are being offered on SaaS model; lowering the overall cost of deployment and ownership. Implementing an effective Compliance Management system in no longer a luxury that only biggies can afford; even a start-up or mid size can now safeguard themselves and they must now think and action in the right directions.