CaaS - Compliance as a Service
Compliance as a Service – The new frontier
I was stuck in Chicago the past two days thanks to mother nature, and I got to see parts of Michigan I had never seen (Saginaw), care of United Airlines. This meant I had lots of time to think about what ifs. The big idea I thought about was something I had blogged about a while back – Compliance as a Service.
There is one absolute truth about compliance that is not open to interpretation –
The costs of Compliance are 100% costs to a business
What does a company get out of compliance that helps drive sales and generate revenue?
Is compliance merely insurance designed to keep us humans honest and ensure that we do what we say we do, and that there is a safety on the Howitzer?
I will say that the intent of compliance is good – increase transparency within an organization, set standards for what the transparency level needs to be and make sure that a few bad apples are known about as early as possible before they bring down entire companies.
What I don’t like about compliance is that the guidelines, for the most part, are open to interpretation. It’s what happens when people with little operational knowledge (lawyers and politicians) come up with ways to insert operational best practices into a system they know nothing about. It’s like me trying to improve on the intent of communism – in theory it’ll work. In reality it’s a cluster-f*** waiting to happen.
So what are alternative solutions to this spend? Reduce costs. Period. The interpretation will always be there; however, from what I have lived through personally in the compliance realm (HIPAA, SOX, PCI), I have come to believe one thing above all else – do something. If the guidelines are open to interpretation, interpret them in a way that gives you and your auditors a defensible position, then monitor and improve the processes to reduce costs.
The new frontier is CaaS – Compliance as a Service. Fixed cost, consistent automated reporting, a defensible model for implementing and showing transparency. If the candidates out on the campaign trail do away with SOX, that would also be a great way to lower cost...
Labels: Audit, compliance
2 Comments:
Mark, you were just baiting me, right? Compliance cannot be delivered as a service. More accurately, Compliance as you have described it cannot be delivered as a service. See either Tuesday Night or Audit Trail.
My Audit Trail link was broken; fixed it.