Strengthened regulatory enforcement standards and the promise of improved business performance are transforming and elevating the role of enterprise governance, risk and compliance (GRC) management. Yet, without a clear understanding of the hidden costs of an ineffective approach to GRC and the rewards that await the well-run enterprise, organizations are at risk to materially overspend and underperform. Too many companies are taking a fragmented and inconsistent fire brigade approach to managing the compliance function - regulation by regulation. This has proven to be both expensive and ineffective. Increased demands for measurement of compliance programs by both boards of directors and regulators have heightened the need to develop a centralized approach to GRC management for all related processes. This article assesses the forces behind these changes and introduces a technology-based approach to compliance management that directly maps GRC tasks and operations to the standards and sentencing guidelines used by regulators, auditors and the courts.

The federal government has passed several new statutes that are driving a fundamental shift in how companies view the management of compliance. HIPAA, Graham Leach Bliley, the USA Patriot Act and, most notably, the Sarbanes-Oxley Act have forced large companies to focus on compliance management as a strategic imperative. Companies must comply and therefore manage against multiple statutes and regulations simultaneously over multiple business units and jurisdictions. However, the good news is that the U.S. Sentencing Commission has recently clarified their sentencing guidelines to remove any confusion as to the enforcement standard for an effective compliance program - regardless of the specific regulation under consideration. Companies need to focus on this standard, tie their compliance management initiatives to it and be able to explain how they have done so when they come under regulatory enforcement scrutiny.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access