Chapter 6Compliance Framework

“Start by doing what's necessary; then do what is possible; and suddenly you are doing the impossible.”

—St. Francis of Assisi

The need for compliance, whether it is a checkbox or the whole nine yards approach, is not in question. Nor is there a debate on its importance or relevance. The real challenge is how does one transcend the rhetoric and create a “doable” operational framework. In Chapters 6 and 7, an attempt is made to address the steps that an organization can consider in their quest for creating a realistic and effective compliance program.

Managing the Compliance Maze

The subject of compliance is topical with high visibility. It is overwhelming to think about operationalizing it in a simple yet comprehensive manner. The challenge stems from the dynamic nature of most parts of compliance. To create a smooth flow of a project that has so many moving parts is no mean task. I remember learning in science and mathematics that when you want to solve a problem, some aspects need to be kept constant. For the compliance system, in the current context, both the external and the internal environment are in a state of constant flux.

The moving components that need to be contextualized and woven into the compliance fabric of the organization are:

  • Regulations—changes, new regulations, interpretations, and so on; this refers to the guidance and directives from all relevant bodies, including interpretations by the courts.
  • Internal changes—Newer products, ...

Get Enterprise Compliance Risk Management now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.