Compliance as a Service Round 2
I just took a wander over to my buddy Ian Glazer's site as he has posted a retort to my compliance as a service rant.
I have offered one back, and of course 30 seconds after I hit submit, I realized I forgot something, a distinction that is key. Compliance is a state of okay-ness delivered through transparency (documented okay-ness) and determined by a set of standards generally developed by people with less expertise than those who the standards must be accepted and implemented by.
***
Ian, I always love mixing it up with you.
I will respectfully argue that compliance is not about people other than the operational change a person must execute to be compliant. I will also argue that because people are involved, the more risk is present to not be in compliance.
Compliance in its purest form is group behavior modification that comes about by one’s behavior (’One’ referring to a company/organization/person) being made transparent and available for scrutiny. It is designed to make us honest, keep us honest, and provide a set of rules we all need to play by. In a way it’s a lot like art - people will interpret the same painting, sculpture, etc. different ways.
That is why the less we involve people in compliance the less margin for mis-interpretation can exist and the better off we can be.
Compliance is 100% cost at the end of the day, and companies who have figured out that it is in their best interest to automate every process to be compliant, and automate the measuring of that process, and communicate that the right process exists, will be followed, and if it’s not, people all over the company will know, and know quickly.
It is different lenses looking at the same thing…
I have offered one back, and of course 30 seconds after I hit submit, I realized I forgot something, a distinction that is key. Compliance is a state of okay-ness delivered through transparency (documented okay-ness) and determined by a set of standards generally developed by people with less expertise than those who the standards must be accepted and implemented by.
***
Ian, I always love mixing it up with you.
I will respectfully argue that compliance is not about people other than the operational change a person must execute to be compliant. I will also argue that because people are involved, the more risk is present to not be in compliance.
Compliance in its purest form is group behavior modification that comes about by one’s behavior (’One’ referring to a company/organization/person) being made transparent and available for scrutiny. It is designed to make us honest, keep us honest, and provide a set of rules we all need to play by. In a way it’s a lot like art - people will interpret the same painting, sculpture, etc. different ways.
That is why the less we involve people in compliance the less margin for mis-interpretation can exist and the better off we can be.
Compliance is 100% cost at the end of the day, and companies who have figured out that it is in their best interest to automate every process to be compliant, and automate the measuring of that process, and communicate that the right process exists, will be followed, and if it’s not, people all over the company will know, and know quickly.
It is different lenses looking at the same thing…
posted by Mark Mac Auley at 2/16/2008
Get My Identitystuff Newsletter
0 Comments:
Post a Comment
<< Home