SEARCH

“We need to move beyond compliance.” I used to think that moving beyond compliance was the answer. When we say, “we need to move beyond compliance” where exactly do we need to move to? However, what this means is that: We don’t need to move beyond compliance. We need to catch up to where compliance now is. This does require going beyond “basic compliance” – adhering to legal requirements – towards “total compliance

Organizations today grapple with numerous compliance requirements: safety, security, sustainability, Some leaders deliberately position compliance functions far from core operations, perhaps viewing them The difficulty in placing compliance programs stems from an intuitive understanding that effective compliance When considering compliance's proper place, we should recognize that it isn't analogous to a hand or Instead, compliance functions more like the heart of an organization, circulating vital resources to

Many organizations begin meeting compliance obligations using Compliance 1 practices. Compliance is added "on top" of what is already happening. While this is how most start it is not the way compliance should continue. We call this Compliance 2 which compared with Compliance 1 is analogous to the difference between total The internal audit function still has a role under Compliance 2.

This is why many companies view compliance, particularly in the form of inspection, as a form of waste Specifically, compliance adds to waiting, unnecessary movements, and to inefficient processes. But is this the best way to think about compliance – as a waste? Meeting compliance expectations creates legitimacy, trust and ultimately customer loyalty. When companies consider compliance as a necessary evil they tend to use mostly inspections and audits

The next step in establishing risk treatments is to understand the nature of the compliance risk which In some compliance domains this is called preventable risk. This begs the question of why not treat all compliance risk as irreducible which by-the-way many do. A company's margin is significantly and negatively impacted by the cost of realized reducible compliance

While Governance, Risk, and Compliance (GRC) in IT typically focuses on certified management systems It needs to be operational, with all components working together to achieve compliance goals and objectives Lean Compliance addresses this gap by helping organizations achieve minimal viable compliance (MVC)—ensuring Rather than focusing on integration alone, Lean Compliance emphasizes operability through a comprehensive Our outcome-focused approach is what makes Lean Compliance different: we aim higher to ensure compliance

While these design principles makes sense for IT solutions, they are not what's needed for compliance Instead, compliance needs to achieve a tighter coupling and greater transparency with the value chain What Compliance Needs from IT Compliance needs an integrative approach with the value chain not just This also applies to the tools an technologies that are used to support compliance. Negotiating the cultural and architectural differences between compliance and IT is critical for compliance

Operational Compliance Programs are the vehicles to deliver compliance value – better compliance outcomes compliance outcomes, fostering a culture where compliance is not seen as a hindrance but as an enabler Embracing change allows compliance programs to anticipate potential disruptions, minimize compliance is to regulate compliance systems and processes to achieve risk and compliance performance targets. Summary: Operational Compliance Programs steer organizations towards compliance outcomes as well as

Many organizations implement their compliance systems in a phased approach by working through each element Target these deficiencies for compliance with the standard. They most likely have not been designed to work together within the context of the desired compliance They still need to adapt them to work together to fulfill the purpose of the new compliance system. System behaviours create the opportunity for compliance to be achieved.

Agile and Lean Startup are examples of system-thinking used in software development but also compliance The Proactive Certainty Program™ learn and use systems-thinking to reach operational and effective compliance

What about Compliance? When it comes to compliance, training is a big thing. In fact, training for many organizations is seen as the dominate means to achieve compliance apart from Receiving training about compliance while important is ineffective without practicing the skills needed to achieve compliance and that has more to do with keeping promises. You could say (and I do) that the practice of promise keeping is the true work of compliance.

Historically compliance is considered as a means to keep risk at bay. This places compliance programs along side of the value chain with risk reduction as the goal. In a sense, both risk & compliance suffer from too many check boxes and not enough action. However, compliance here does not mean check boxes. That is why we propose using the labels Certainty & Compliance rather than Risk & Compliance .