Friday, May 6, 2022


Organizations should consider both internal and external factors for improving business success by enforcing law, policy, and regulation compliance, keeping policy stability & effectiveness, and harnessing stakeholders’ relationships.

With the “VUCA” digital new normal, risk and compliance management should be a crucial component of the digital transformation approach. Do things better, faster and smarter. Risk is the unwanted subset of uncertain outcomes; compliance means conforming to a rule, such as a specification, policy, standard or law.

The overarching risk management program should consider compliance risk as part of the enterprise view of risks. Efforts to manage risk in a more integrated fashion are critical in the long run for improving organizational agility.

Risk & compliance at the strategic level require a strategic and forward-looking perspective to deal with unprecedented uncertainty:
As part of the effort to run a successful business, we have to manage risks to business operations with an eye on strategic planning. If it is to add real value, risk management means challenging conventional wisdom, thinking the unthinkable and asking the unpalatable question. Increasingly we need to view strategic risk as a topic for the full board, not only to identify and address key risks but also to understand them and convert the best of them to opportunity. Requirements to ensure legal compliance are another component of the company’s risk management. Compliance is also very much a strategic issue; the companies that do not recognize this are blindfolding themselves to a great extent.

Risk management is a part of the compliance process, and also draws compliance parameters for risk management:
There are varieties of compliance: compliance with statutes, compliance with regulations, and compliance with contracts (customer, vendor, supplier). Risk management is the decision mechanism that should be integrated within all management decision trees, including those that impact compliance practices. Contract and compliance decisions aren’t made without weighing the positive risks against the negative risks. Understand the possibilities of how new technologies can enhance risk management while balancing the technical and business risks, the investment needed, timing, etc., to improve overall GRC effectiveness.

Compliance is not just about the letter of the law or regulation, but also very much about the spirit of the law or regulation:
Compliance is, or should be, more than just looking at internal directives. It is also about looking at how the external world and society are developing, by following the policies & regulations and obeying the laws or organizational rules. Unwritten rules, based on common decency, mutual respect and integrity, should play an equally important role, next to the ‘hard’ compliance. The challenge is to ensure that the people authorized to make decisions on behalf of the company are able to view the organization and the risks to the organization holistically. Also, utilize risk management processes at the core, running through all activities, whether by the compliance function or the businesses.

Digital transformation represents a break with the past, having a high level of impact and complexity. Organizations should consider both internal and external factors for improving business success by enforcing law, policy, and regulation compliance, keeping policy stability and effectiveness, harnessing stakeholders’ relationships, and taking a holistic view and structural approach to manage business complexity and improve organizational maturity.

