The four stages of compliance
Just had some great feedback on my article OpGRC: Naming a dangerous many-headed beast that reminded me of a slide I used to use in conference presentations around 9 years ago.
The feedback on the article was that organisations are “split broadly into two camps, the firms that try to comply but find it difficult to balance the resource cost and productivity impacts and those that flag wave but really don’t care.”
Based on anecdotal evidence from talking to multiple prospects and clients, we came across the following four types:
Are we supposed to be tracking supplier compliance?
- Isn’t that the responsibility of our suppliers?
- What should we track anyway?
The Risk Takers
We know we should track compliance but we don’t. Someone actually told me “no-one has died yet”.
- It’s too expensive
- It’s too time-consuming
- We are not sure what we need to track
- We keep our fingers crossed and hope nothing goes wrong
The Grudgingly Compliant
We track supplier compliance but
- It’s very expensive
- It’s time-consuming
We are COINing it. We use a Community of Interest
- It’s inexpensive
- It takes very little of our time
- I get exception reports so I can focus on non-compliances
- I have a compliance framework for my whole of business
Where do you see your organisation?
Contact us if you would like to find out how to become Sorted.
Nigel Dalton-Brown, GAICD, AMIIA, MBA
Managing Director, Chair, Speaker, Lecturer, Author
Nigel is the Founder of Strytex and has been presenting and writing on Governance, Obligational Awareness, Risk Management and Compliance administration (GORC) since 2010.