Home > Risk > Questions to ask about GRC – #10: Compliance

Questions to ask about GRC – #10: Compliance

10. Does compliance ‘chase the bus’, or is it part of strategy-setting and initiative decisions?

In many organizations, managing compliance is an afterthought. The decision is made to expand into a new country, deliver a new product or service, without serious consideration of the potential implications of ensuring the organization is at all times compliant with applicable laws and regulations. Compliance personnel may, at best, be informed of the decision so they can initiate efforts to ensure compliance. At worst, they find out late and have to “chase the bus” to try and catch up and get on board.

Ideally, compliance requirements, risks, and related costs and opportunities are considered when strategies are established and related projects and initiatives planned and executed.

This questions should be considered in conjunction with #4, which talks to the potential fragmentation of compliance – which can lead to duplication of effort as well as gaps in coverage.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: