GRC - Compliance

The issue of compliance has been worrying organizations since the beginning of the millennium. Everyone wants to be compliant because the law says they have to be. And, if not the law, then it is industry standards and subsequent customer expectations that mandate the organization to implement changes in the way they work.

Many people don't understand what compliance is all about but it's really quite simple. It's all about conforming to the controls and procedures imposed on your company by appropriate laws or rulings. For this reason it is frequently termed 'regulatory compliance'.

The more satisfactorily these demands are met, the better compliance has been achieved in the organization. There is no such thing as just 'being in compliance' without stating the particular ruling you’re complying with.

As compliance has increasingly become a concern of corporate management, corporations are turning to specialized software, consultancies, and even a new function as well as a job title, the Chief Compliance Officer. Many organizations may still have Compliance working under a more broader Governance, Risk and Compliance platform otherwise known as GRC.

Compliance in a regulatory context is a prevalent business concern, perhaps because of an ever-increasing number of regulations and a fairly widespread lack of understanding about what is required for a company to be in compliance with new legislation. In the financial sector, SOX was enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. In the healthcare sector, HIPAA Title II includes an administrative simplification section which mandates standardization of healthcare-related information systems.

Compliance is either a state of being in accordance with established guidelines, specifications, or legislation or the process of becoming so. Software, for example, may be developed in compliance with specifications created.

In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that corporations or public agencies aspire to achieve in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and regulations.

Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls. This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.

Regulatory compliance and reporting needs to be viewed as a natural extension of the governance duties shouldered by top management and corporate boards. Moreover, only good governance can ensure that compliance is aligned with the company’s business objectives and risk management strategies — and is thereby adding real value (and not just cost) to the organization. Ultimately, the goal is to ensure that the spirit of compliance — as well as the letter of the law — is embraced in every corner of the enterprise.

Regulatory Compliance is the term generally used to describe the policies and processes which organizations have in place to ensure that they follow the very many laws, rules and regulations put in place. It is the set of all data that is relevant to a governance officer for the purposes of validating consistency, completeness, or compliance.

A key component of Regulatory Compliance is the variety of policies and processes firms are required to have in place to meet legislation and regulation designed to prevent fraud.

Regulatory compliance also describes the goal that corporations or public agencies aspire to in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and regulations. This will include retaining data or records which can be used for the purpose of implementing or validating compliance.