
Holiday Obligations and Compliance Management

Jim Montgomery

Sitting at our holiday table loaded with amazing food, surrounded by friends and family, I couldn’t help but think about all of the things we had to do to make it happen.

My wife had to pick Uncle Joe up from the assisted living facility, I had to make up the guest room for my sister in from out of town, my nephew had to fly home from college, my son had to borrow folding chairs from the neighbors, not to mention all the recipes we had to follow for the meal to be edible!

Call me crazy, but the whole scene made me think of compliance management. Yes, compliance management!

You see, compliance is all about doing the things you have (or want) to do. Like family, compliance obligations or objectives are vast and varied, from regulations that have been around forever (like Uncle Joe) to licenses that we need in order to do business (like siblings or cousins help make a family) to customer contracts that we have to deliver on (like marriages saddle us with in-laws) to new ideas like corporate social responsibility or internal objectives of your organization (like the young idealistic nephew home from college or choosing to have the family meal in the first place).


The parallels with compliance management

Think about it: The challenges you face in managing your compliance obligations aren’t unlike bringing the family together for the holiday meal…you have to round everybody up, which means knowing where they are coming from; you have to schedule the meal around everyone’s arrivals and departures, which means knowing when everything needs to be ready; you need to be sure that the recipes have been followed and the food thoroughly cooked so that you know the gastric distress is based on the quantity of the food consumed, not the quality.

Okay, enough of the clever analogy; what is it I’m really talking about here? I am talking about a system that allows you to:

1. Know your sources – It is important to know where your compliance obligations come from. Look for a solution that builds out your list of sources with details, such as governing body, type of source (regulation, license, internal policy, etc.), area of the organization impacted, and applicable dates (especially for licenses or contracts with expiration dates and renewal periods), and that links those sources to the related obligations, giving more context to your program.

2. Bring your obligations together – Just like having the family all together for the holidays, nothing should warm your compliance-natured heart more than having all of your compliance obligations in one place. Having a holistic view of your state of compliance across all areas of the organization gives you the data you need to more effectively leverage your compliance resources in the areas that need it most. In addition to links back to the originating source, you want to see other important details such as who is responsible for the obligation, the current compliance status, and when it was last reviewed or assessed.

3. Control the information – I know, the thought of everyone in the organization seeing everyone else’s compliance dirty laundry is giving you heartburn, but don’t panic! You are looking for a flexible, permissions-based solution that allows you to control which obligations each user can view or update and which ones are hidden from them. More importantly, access can be controlled in a hierarchical fashion, rolling teams up into departments, business units, all the way up to a company-wide view of all areas, topics and programs within the company.

4. Keep things on track – Whether it is a simple reminder to periodically review an existing obligation, or a specific list of activities that need to be completed to comply with a specific requirement, you need a flexible action management process that controls how your users interact with various types of tasks, from simply capturing comments and feedback about the execution of the task, to allowing for extension requests when due dates can’t be met, to forcing a second level of review to verify completion. Make sure the work is getting done when and how it needs to be done to ensure consistent, effective execution of your compliance program.

5. Show the proof is in the pudding – When it comes to assessing how well you comply with your obligations, it isn’t enough to simply say you are compliant; you need to illustrate how you are compliant. Compliance activities include maintaining and delivering policies or training to address certain topics, exception reporting when things go wrong, and proactive auditing of compliance controls. Choose a system that supports these additional functions and allows you to link records of those compliance activities back to the related obligation. That way, when someone asks, “How do you know you are compliant?” you can show them the connected data and back up your assessment.

6. Visualize results – And no solution would be complete without reports and dashboard widgets that respect the permissions of each user and give consolidated, graphical representations of every aspect of your compliance program for easy access and effective recognition of problem areas within the organization. From top-level compliance statuses, to complete versus overdue compliance activities, to key indicators exhibiting the effectiveness of your compliance process or controls, knowledge is power!

If you’re hungry for more information about how to keep up with your compliance obligations and activities (though we may not be able to help with the holiday leftovers), contact us!
