Compliance Never Rests - Can You?
Thursday, April 26, 2007
Posted in: General
I was through my second cup of coffee this afternoon when the caffeine buzz hit my head. It provided the desired effect that enabled me to zoom through the rest of the day, but the zoom will continue well into the evening and I’ll never get to sleep in time for a restful night.
I will eventually catch up on my sleep, but unlike people, compliance never rests. The continuous nature of compliance poses significant challenges to companies. It’s hard enough to effectively utilize data flowing from disparate information systems across the business in a multitude of forms, but it’s nearly impossible to keep tabs on all of the manual activities in the business that impact compliance. Manual tasks, like making sure nobody is using cell phones in a restricted area, pose significant challenges to managing compliance.
I found an interesting blog entry on this subject called Continuous Auditing, Compliance, and Trust at OMG. The author says “The key is that I can trust you even if I don’t think you’re perfect, as long as I believe that you can correct those flaws that negatively impact me.” This resonated with what a CIO at a large financial institution told me a few weeks ago. He said that the worst thing you can say to an auditor or regulator is that you have no compliance problems or non-compliance events. He said it’s better to show that you have a continuous process to monitor all events (manual too), and show that you are in control.
The continuous nature of compliance applies to manual activities as well as to data flowing from information systems.
