Don’t Do the Crime if You Can’t Pay the Fine

Risks from non-compliance with legislative requirements can be costly: fines, lawsuits, damaged reputation – even prison. Even worse, doing the wrong thing is just as bad as doing nothing. To avoid these issues, it’s important to understand what it means to be compliant and ensure that the company has the processes in place to verify and maintain that compliance.

There are essentially three lines of defense against non-compliance. First, high-level management needs to set direction and provide guidance. This is done by promoting a strong culture of risk compliance, by setting up strategies for compliance, and by providing clear statements on risk appetite. Secondly, a company needs people who can implement the strategies and tie the risks to the processes. They must also ensure that the risks have controls associated with them. Lastly, a company needs to hold internal audits on the appropriate recurring schedules and have automated workflows in place to raise alerts. At all levels it is important to be able to view reports of the current state of overall risk, as well as any gaps that may exist.

While companies are much more likely to be faced with a regulatory challenge than a full compliance audit (a specific challenge is much cheaper to perform than generalized audits), they can still yield high fines. A challenge typically starts with a request for information from the auditor. Failure to provide the information usually triggers a much larger, punitive audit. By having all of a company’s data in a centralized repository, the company will be unlikely to fail an audit for this reason. To this end, scheduled internal audits are a necessary part of a solid compliance plan. These internal audits will quickly locate any gaps, which can then be filled with the necessary missing data.

Compliance might sound like a lot of work for no real gain other than the avoidance of punitive damages, but this is far from the case. There are many benefits to being compliant: it shows commitment to doing business the right way and in an ethical manner, it tends to improve operational processes and their maturity levels, it helps achieve transparency, and it establishes better information governance (via the storing of data and good record keeping). All of these things contribute to a better bottom line for the business. In the end, it’s always cheaper to just be compliant.

More on Risk Management

Related Content


What is Business Process Management Anyway, and Why Do Companies Need It? 

By Kim Scott     There’s a lot of information to be found on the internet about what defines Business Pro...

Predictive Analytics: Digging Deeper to Get Things Done

An Intellyx BrainBlog for iGrafx In our previous chapter on automated decisioning, we discussed the importance of bringing...

iGrafx Recognized as a Leader in The Forrester Wave™: Process Intelligence Software, Q3 2023  

By iGrafx Chief Product Officer, Shoeb Javed  Industry analyst firm, Forrester, recently released The Forrester W...