“Start by doing what's necessary; then do what is possible; and suddenly you are doing the impossible.”
—St. Francis of Assisi
The need for compliance, whether it is a checkbox or the whole nine yards approach, is not in question. Nor is there a debate on its importance or relevance. The real challenge is how does one transcend the rhetoric and create a “doable” operational framework. In Chapters 6 and 7, an attempt is made to address the steps that an organization can consider in their quest for creating a realistic and effective compliance program.
Managing the Compliance Maze
The subject of compliance is topical with high visibility. It is overwhelming to think about operationalizing it in a simple yet comprehensive manner. The challenge stems from the dynamic nature of most parts of compliance. To create a smooth flow of a project that has so many moving parts is no mean task. I remember learning in science and mathematics that when you want to solve a problem, some aspects need to be kept constant. For the compliance system, in the current context, both the external and the internal environment are in a state of constant flux.
The moving components that need to be contextualized and woven into the compliance fabric of the organization are:
- Regulations—changes, new regulations, interpretations, and so on; this refers to the guidance and directives from all relevant bodies, including interpretations by the courts.
- Internal changes—Newer products, ...