Many organizations begin meeting compliance obligations using Compliance 1 practices. These are founded on basic capabilities that are mostly reactive in nature, focused on meeting prescriptive regulatory requirements. Compliance is added "on top" of what is already happening. The hope is that this will be enough to satisfy external regulators and maintain a regulatory license to operate. While this is how most organizations start, it is not the way compliance should continue.

Compliance 1 versus Compliance 2
Obligations today have expanded beyond regulatory prescription to encompass a broader set of commitments. Many of these are risk-based and focused on performance and on advancing outcomes such as net zero emissions, zero incidents, and so on. These have more to do with providing legitimacy for a social license to operate than with strict regulatory adherence.

To contend with these broader obligations, many organizations scale up their compliance by doubling down on their existing practices. Unfortunately, Compliance 1 practices lack the capability to provide the assurance that stakeholders now require.

Today's compliance challenges require proactive, systems-level capabilities that integrate with the business rather than merely sit on top of it. Compliance must also contend with uncertainty and risk. We call this Compliance 2. The difference between Compliance 1 and Compliance 2 is analogous to the difference between quality control and assurance (QC/QA) and total quality management (TQM), or between Safety 1 and Safety 2 in the safety domain.

Adopting Compliance 2 requires first establishing processes that define the lines, and then the operational capabilities needed to stay within them. Operational compliance is responsible for implementing these capabilities and processes.

The internal audit function still has a role under Compliance 2. However, auditing now focuses on evaluating effectiveness as measured against compliance outcomes. This includes evaluating the level of compliance risk and operational risk.


