Embedding compliance into business solutions as more than a tick-the-box, rule based process at the end of any transaction or activity requires a change in mindset at C-suite level, says Kalane Rampai, director at PwC.
Kalane Rampai, director at PwC
“Embedded compliance is having appropriate and effective controls, performance indicators and reporting mechanisms strategically positioned in the core business processes of the organisation. This assists in ensuring that all key regulatory, strategic and internal requirements are satisfied – without jeopardising the expected performance of the business.”
“We have seen an increased requirement for organisations to improve disclosure, accountability and compliance to meet new and stringent requirements set by government, regulatory bodies and societal demands,” says Rampai.
The solution is not costly one-off projects performed with spreadsheets and a vast accumulation of paper-proof compliance, rather it is embedding compliance strategies into business processes. This will reduce the time and manpower cost of staying compliant.
Three key steps
- Set the correct organisational tone right from the top down
To achieve a compliance-supporting culture it is essential to get C-suite buy-in and convey a unified compliance vision and strategy, recognising and rewarding the implementation of core values. Board and senior management need to commit to ethics and compliance.Organisations require a values-based approach to ethics and compliance. Clearly defined objectives, measurements for success and project management parameters along with effective up- and downstream communication will create a consistent approach to accountability.
Integrating compliance into individual performance measurement and reward structures directs organisation wide participation.
- Integrate systems and eradicate duplication
Strategically position appropriate and effective controls, performance indicators and reporting mechanisms in the core business processes of the organisation. The fragmented nature of different departments within an organisation, each working within their own isolated organisational silo, drives additional spend to meet basic business demands and creates redundant efforts to meet compliance requirements.- Use data systems and technology to full capacity
Leverage technology to automate data analytics and manage complexity, enabling real time compliance, monitoring, reporting and response. The volume of business activities that should be monitored within an organisation can easily overwhelm existing resources. Using technology such as key risk indicator dashboards, scenario modelling, predictive analytics and statistical analysis work hand in hand to provide management with trends and fact patterns and preventative control mechanisms.
“Compliance is not an event, nor is it an activity. Relying on business as usual just doesn’t cut it anymore. Organisations need to incorporate fresh thinking, new systems and innovative approaches to produce the expected results," Rampai says.
