A case for best practice compliance
Written by Steve Robinson from Rightstrategy.
2020 has been a difficult year indeed and everybody is now looking for the light at the end of the tunnel. However, with the freeing up of restrictions and the resumption of some level of normality, organisations (and individuals) need to remain vigilant.
Keeping a careful watch for possible danger or difficulties.
In good times organisations can be extremely vulnerable to threats due to an over-reliance on good luck and, I guess, an unwitting hope that such threats do not eventuate. If we have learnt anything this year it should be that we need to retain an appropriate amount of vigilance at all times, not just in the bad times. As my late mother used to say, prevention is better than the cure!
There are lots of stories out there of hardship at the moment, some of which was completely unavoidable. In a few cases we heard of organisations that actually had a plan ‘B’ in place – congratulations to you as this was well anticipated and managed. Others were fortunate enough to be able to quickly shift to on-line services; how lucky for you. And others had no idea of what just happened.
It makes me wonder about what could have been prevented, our ability to accept and learn from the past and to evolve to an even higher level of awareness and preparedness.
It also reminds me of Donald Rumsfeld’s 2002 speech and this poem, originally anonymous, with this version provided courtesy of Daase and Kessler:
As we know,
There are known knowns.
There are things we know we know.
We also know
There are known unknowns.
That is to say
We know there are some things
We do not know.
But there are also unknown unknowns,
The ones we don’t know
We do not know.
Finally, there are unknown knowns
We do not want to know.
Organisations are encouraged to think about remaining vigilant in the face of this current and hopefully diminishing threat, but what of the other threats? How well have these been considered by our organisations?
Oh, and that brings me to a thought about contemporary organisational compliance regimes. That is, an organisation’s system of compliance needs, in the first place, to be balanced with effective risk and business continuity inputs, and then to ensure the effectiveness of its controls to prevent and minimise organisational threats through a thorough system of compliance verification.
Now is probably a good time to call on that old cliché, “lessons learned”, and to get together with our teams to openly discuss the organisation’s compliance culture and consider how well the systems of compliance have been designed and implemented.