

Don’t Do the Crime if You Can’t Pay the Fine


Risks from non-compliance with legislative requirements can be costly: fines, lawsuits, damaged reputation – even prison. Worse still, doing the wrong thing is just as damaging as doing nothing. To avoid these issues, it’s important to understand what it means to be compliant and to ensure that the company has the processes in place to verify and maintain that compliance.

There are essentially three lines of defense against non-compliance. First, high-level management needs to set direction and provide guidance. This is done by promoting a strong culture of risk compliance, by setting up strategies for compliance, and by providing clear statements on risk appetite. Secondly, a company needs people who can implement the strategies and tie the risks to the processes. They must also ensure that the risks have controls associated with them. Lastly, a company needs to hold internal audits on the appropriate recurring schedules and have automated workflows in place to raise alerts. At all levels it is important to be able to view reports of the current state of overall risk, as well as any gaps that may exist.

While companies are much more likely to face a regulatory challenge than a full compliance audit (a specific challenge is much cheaper to perform than a generalized audit), a challenge can still yield high fines. A challenge typically starts with a request for information from the auditor. Failure to provide the information usually triggers a much larger, punitive audit. By keeping all of a company’s data in a centralized repository, the company is unlikely to fail an audit for this reason. To this end, scheduled internal audits are a necessary part of a solid compliance plan. These internal audits will quickly locate any gaps, which can then be filled with the necessary missing data.

Compliance might sound like a lot of work for no real gain other than the avoidance of punitive damages, but this is far from the case. There are many benefits to being compliant: it shows commitment to doing business the right way and in an ethical manner, it tends to improve operational processes and their maturity levels, it helps achieve transparency, and it establishes better information governance (via the storing of data and good record keeping). All of these things contribute to a better bottom line for the business. In the end, it’s always cheaper to just be compliant.
