Questions To Ask About GRC – Part 2, Question 10: Compliance

By Norman Marks, Published on

10. Does compliance ‘chase the bus’, or is it part of strategy-setting and initiative decisions?

In many organizations, managing compliance is an afterthought. The decision is made to expand into a new country, or to deliver a new product or service, without serious consideration of the potential implications for ensuring the organization is at all times compliant with applicable laws and regulations. Compliance personnel may, at best, be informed of the decision so they can initiate efforts to ensure compliance. At worst, they find out late and have to “chase the bus” to try to catch up and get on board.

Ideally, compliance requirements, risks, and related costs and opportunities are considered when strategies are established and when related projects and initiatives are planned and executed.

This question should be considered in conjunction with #4, which speaks to the potential fragmentation of compliance – which can lead to duplication of effort as well as gaps in coverage.

Questions to ask about GRC – Part 1

Questions to ask about GRC – Part 2, question 1: Goals and Strategies

Questions to ask about GRC – Part 2, question 2: Harmony

Questions to ask about GRC – Part 2, question 3: Integration

Questions to ask about GRC – Part 2, question 4: Fragmentation

Questions to ask about GRC – Part 2, question 5: Culture

Questions to ask about GRC – Part 2, question 6: Performance and Rewards

Questions to ask about GRC – Part 2, question 7: Management Information

Questions to ask about GRC – Part 2, question 8: Enterprise View of Risk

Questions to ask about GRC – Part 2, question 9: Voice of Risk