Regulatory Compliance – some see it as a necessary evil; a periodic checklist to be completed so business can continue. Others embrace it as a security panacea that mitigates risks with minimal impact on business processes and priorities.
The truth – compliance only indicates the presence of a control baseline which may not address all risks. While periodic audits serve to validate the presence of these controls, they tend to stimulate periodic compliance. This series explores continuous compliance as a means to generate business value.
According to a white paper by CA Inc., continuous compliance efforts have the following characteristics:
- Automated
Automated compliance reduces the resource cost associated with manual compliance. It also reduces the errors inherent in a manual approach.
- Ongoing
Ongoing compliance encourages a collaborative approach which discourages the emergence of “control silos”.
- Sustainable
Centralized management of controls and data flows reduces the risk associated with inconsistent access policies found in some decentralized management scenarios. Targeting the touch-points between compliance mandates and core business processes allows for a sustainable compliance strategy.
According to Brad Garland, CEO of The Garland Group, continuous compliance relies on collaboration and coordination between business units. “Understanding the interdepartmental relationships is critical to continuous compliance,” said Garland. His firm focuses on discerning how a client’s core competencies are connected to compliance activities. This approach allows “compliance to become a business driver for management, reducing the busy work for the auditors.”
The next article in this series will explore the concerns around information sharing in a collaborative environment. A case study of a successful implementation will also be featured.