With cyber-security scares and corporate data breaches now becoming front-page news, companies can hardly plead ignorance of the importance of compliance. But with so few companies satisfying – much less optimizing – their risk management responsibilities, it’s worth examining which obstacles may be impeding progress.
The primary challenge faced by most firms is one of complexity. Regulatory bodies across industries have responded to their evolving risk climates by expanding compliance codes and ramping up enforcement efforts. In Thomson Reuters’ latest global survey of compliance practitioners, 69 percent expected an increase in the amount of regulatory provisions published over the next 12 months, while 26 percent of respondents expected the increase to be significant.
The due diligence required to interpret and apply this influx of information can carry a pretty hefty price tag as well. The Thomson Reuters report revealed that 67 percent of responding professionals are expecting an expansion of their team’s budget this year, with particular attention paid to recruiting and retaining senior compliance officers.
Another dangerous element hampering compliance management efforts is the false sense of security some companies retain. An independent assessment from Verizon found that only one in five covered companies were fully compliant with the Payment Card Industry Data Security Standard. Furthermore, the fact that many of these firms had previously confirmed their own compliance only serves to underscore the continuous vigilance required to maintain and expand protections.
Taming the Task
Corporate compliance officers may understandably feel as though the odds are stacked against them at times, but that doesn’t diminish their ability to respond with proactive, resourceful strategies. To ensure everything is up to date and in alignment with industry expectations, managers must divide their attention between people and processes.
- Define policy – Without a clear blueprint of the task at hand, there is little chance of it getting accomplished. Compliance managers must proactively liaise with regulators and industry counterparts to get a clear sense of where their liability lies and how it must be addressed. The provisions then need to be communicated across teams and explicitly codified to promote frequent review.
- Train personnel – Compliance isn’t a phrase stamped at the top of an audit; it’s the everyday orchestration of staff members who interact with the systems and control the assets covered by regulations. Management must therefore translate written rules into repeatable processes that employees can execute and report on.
- Enforce expectations – Even the best training protocol should have its results objectively verified with technologies that can’t be fooled. Back-office tools ranging from access control systems to network monitoring suites must be activated and aligned. It’s also essential that these checks and balances are extended to the senior IT staff tasked with execution, as insufficient privilege management can let deep-seated security issues linger out of view.
Finally, since there is no end zone for compliance campaigns, companies must continuously cycle through these steps to ensure everything is current and complete.
If you would like to learn more about tools that can help you manage and monitor your compliance, take a look at Compliance Monitor for IBM i.