Chapter 6 Compliance Framework

“Start by doing what's necessary; then do what is possible; and suddenly you are doing the impossible.”

—St. Francis of Assisi

The need for compliance, whether it is a checkbox or the whole-nine-yards approach, is not in question. Nor is there a debate on its importance or relevance. The real challenge is how to transcend the rhetoric and create a “doable” operational framework. Chapters 6 and 7 attempt to address the steps that an organization can consider in its quest to create a realistic and effective compliance program.

Managing the Compliance Maze

The subject of compliance is topical with high visibility. It is overwhelming to think about operationalizing it in a simple yet comprehensive manner. The challenge stems from the dynamic nature of most parts of compliance. To create a smooth flow of a project that has so many moving parts is no mean task. I remember learning in science and mathematics that when you want to solve a problem, some aspects need to be kept constant. For the compliance system, in the current context, both the external and the internal environment are in a state of constant flux.

The moving components that need to be contextualized and woven into the compliance fabric of the organization are:

  • Regulations—changes, new regulations, interpretations, and so on; this refers to the guidance and directives from all relevant bodies, including interpretations by the courts.
  • Internal changes—Newer products, ...
