The four stages of compliance

Man surrounded by paperwork with head in hands

Just had some great feedback on my article OpGRC: Naming a dangerous many-headed beast that reminded me of a slide I used to use in conference presentations around 9 years ago.

The feedback on the article was that organisations are“split broadly into two camps, the firms that try to comply but find it difficult to balance the resource cost and productivity impacts and those that flag wave but really don’t care.

Based on anecdotal evidence from talking to multiple prospects and  clients and prospects we came across the following four types:

Office worker with thumbs up

The Uninformed

Are we supposed to be tracking supplier compliance?

  • Why?
  • Isn’t that the responsibility of our suppliers?
  • What should we track anyway
Office worker with fingers crossed

The Risk Takers

We know we should track compliance but we don’t. Someone actually told me “no-one has died yet”

  • It’s too expensive
  • It’s too time-consuming
  • We are not sure what we need to track
  • We keep our fingers crossed and hope nothing goes wrong
Stressed office worker with piles of paper

The Grudgingly Compliant

We track supplier compliance but

  • It’s very expensive
  • It’s time-consuming
Office worker with thumbs up

The Sorted

We are COINing it. We use a Community of Interest

  • It’s inexpensive
  • It takes very little of our time
  • I get exception reports so I can focus on non-compliances
  • I have a compliance framework for my whole of business

Where do you see your organisation?

Contact us if you would like to find out how to become Sorted.

Nigel Dalton-Brown, GAICD, AMIIA, MBA

Managing Director, Chair, Speaker, Lecturer, Author

Nigel is the Founder of Strytex and has been presenting and writing on Goverence, Obligational Awarenss, Risk Management and Compliance administration (GORC) since 2010.

Leave a Comment