Hat tip to Deloitte, whose new book Enterprise Compliance: The Risk Intelligent Approach acknowledges some truths too often neglected:
“In the real world, ownership of compliance tends to disappear only a few layers deep into the organizational chart, becoming less visible the further you move away from core compliance functions and roles such as the Chief Compliance Officer. As a result, employees may be performing compliance-related activities every day without knowing the potential consequences of not executing them properly.
Just as important, when processes are updated, or workarounds are put in place, critical compliance tasks may be inadvertently eliminated without anyone understanding the impact on compliance risk.
Pushing responsibilities closer to the front lines of the business can make the overall process of compliance more efficient and less painful, but it can also bring new headaches without adequate planning.
One of the leading ways to avoid the unintended consequences that can come from changing responsibilities is to start with a complete picture of how compliance works in an organization. It can be difficult, but the confusion and risks of operating without such an understanding can be even more painful. From there, make sure people know what they are expected to do and why, and provide them with the incentives they need to stay on track.”
In other words, any intelligent approach to risk management has to start with an enterprise-wide perspective. And it has to be real – supporting the front line of the business – not simply an abstract or representation of operational reality created for compliance purposes.
It’s what a good process management platform enables. Get it right and the result can be the cultural shift which Deloitte is calling for – one in which ‘Compliance is not just another box in need of checking but is simply part of how business gets done’.
29 June 2012 Process And The New World Of Risk Management