
Governance, Risk & Compliance Management – Burden or Benefit?

From Computer Weekly:

I am sure that it will not come as any surprise that to many organisations compliance to multiple legislative and regulatory standards is seen as another cost and resource burden impacting on bottom line business goals.

It may be surprising though that to me, as the MD of a GRC (Governance Risk and Compliance) company, that this “hardened cynicism” is understandable and forgivable given that historically new business processes to meet “next big thing” needs are often perceived as having added little to the business other than cost.

With reference to compliance, some argue that the same cynics’ mantra can be chanted again. For as the tidal wave of recent new standards has appeared, with draconian penalties for non-compliance, many private and public sector organisations alike have adopted multiple systems to manage compliance problems on a case-by-case basis. Unfortunately, too often responsibility for ensuring compliance lay initially with individual line managers, not trained compliance staff. Here imposition of new processes has led to a tick box culture where managers effectively do the minimum to comply hoping to minimise the impact on their department’s daily working practices. A recent Achiever survey revealed too that 8 out of 10 managers responsible for GRC felt that “overkill” levels of “noise” were too onerous and threatening management attitudes.

Read on.

Article Link
