Increasingly, companies are adopting continuous improvement driven by several methodologies that include LEAN and AGILE. However, the overarching driver is the desire to achieve continuous delivery of value.
These approaches fundamentally change how a business operates and impacts all aspects of the value chain including the processes that support them such as productivity and compliance programs. Production processes have moved towards continuous flow by applying LEAN principles. IT has done the same by combining development and deployment (ie. DEVOPS) to support continuous delivery. However, compliance for the most has lagged behind and still functions using the old factory model using an audit-fix cycle which is too slow to keep up with continuous change.
A major contributor to why companies haven not taken a proactive approach to compliance is that they do not know exactly where they are going with their compliance. The lack of clear and concise goals makes it difficult to select strategies and to measure effectiveness. In fact, most companies do not even measure the cost of compliance. However, even knowing the cost, without goals you cannot know if you are over or under investing.
To properly establish goals you need to first define your compliance obligations and this means specifying:
outcomes - what you want to accomplish,
objectives - how you intend to accomplish them,
risks - what are the threats and opportunities to meeting objectives and achieving outcomes,
critical to compliance - evidence of compliance
measures of performance - ability to achieve system objectives
measures of compliance - key compliance results or indicators critical to compliance success
measures of effectiveness - progress towards program outcomes
Compliance obligations serve to properly align programs, systems and processes and makes it possible to apply proactive strategies to continuously meet them. Defining compliance obligations increases the certainty compliance can be met, but as importantly, that compliance outcomes are advanced on a continuous basis.
Continuous value requires continuous improvement which requires continuous compliance.