The issue of compliance has been worrying organizations since the beginning of the
millennium. Everyone wants to be compliant because the law says they have to
be. And, if not the law, then it is industry standards and subsequent customer
expectations that mandate the organization to implement changes in the way they
work.

Many people don't understand what compliance is all about but it's really quite
simple. It's all about conforming to the controls and procedures imposed on
your company by appropriate laws or rulings. For this reason it is frequently
termed 'regulatory compliance'.

The more satisfactorily these demands are met, the better compliance has been
achieved in the organization. There is no such thing as just 'being in
compliance' without stating the particular ruling you’re complying with.

As compliance has increasingly become a concern of corporate management,
corporations are turning to specialized software, consultancies, and even a new
function as well as a job title, the Chief Compliance Officer. Many organizations
may still have Compliance working under a broader Governance, Risk and
Compliance platform, otherwise known as GRC.

Compliance in a regulatory context is a prevalent business concern, perhaps because of an
ever-increasing number of regulations and a fairly widespread lack of
understanding about what is required for a company to be in compliance with new
legislation. In the financial sector, SOX was enacted in response to the
high-profile Enron and WorldCom financial scandals to protect shareholders and
the general public from accounting errors and fraudulent practices in the
enterprise. In the healthcare sector, HIPAA Title II includes an administrative
simplification section which mandates standardization of healthcare-related
information systems.

Compliance is either a state of being in accordance with established guidelines,
specifications, or legislation or the process of becoming so. Software, for
example, may be developed in compliance with specifications created.

In general, compliance means conforming to a rule, such as a specification,
policy, standard or law. Regulatory compliance describes the goal that
corporations or public agencies aspire to achieve in their efforts to ensure
that personnel are aware of and take steps to comply with relevant laws and regulations.

Due to the increasing number of regulations and need for operational transparency,
organizations are increasingly adopting the use of consolidated and harmonized
sets of compliance controls. This approach is used to ensure that all necessary
governance requirements can be met without the unnecessary duplication of
effort and activity from resources.

Regulatory compliance and reporting need to be viewed as a natural extension of the
governance duties shouldered by top management and corporate boards. Moreover,
only good governance can ensure that compliance is aligned with the company’s
business objectives and risk management strategies — and is thereby adding real
value (and not just cost) to the organization. Ultimately, the goal is to
ensure that the spirit of compliance — as well as the letter of the law — is
embraced in every corner of the enterprise.

Regulatory Compliance is the term generally used to describe the policies and processes which organizations have in place to ensure that they follow the very many laws, rules and regulations put in place.
It is the set of all data that is relevant to a governance officer for the purposes of validating consistency, completeness, or compliance.
A key component of Regulatory Compliance is the variety of policies and processes firms are required to have in place to meet legislation and regulation designed to prevent fraud.

Regulatory compliance also describes the goal that corporations or public agencies aspire to in their
efforts to ensure that personnel are aware of and take steps to comply with
relevant laws and regulations. This will include retaining data or records
which can be used for the purpose of implementing or validating compliance.