Going Beyond Regulatory Compliance
May 14th, 2007
Environmental compliance suddenly has become a hot topic, especially as businesses try to better manage their operational risks. Compliance risk has emerged as a subset of governance, risk and compliance, with a definition all its own: the risk of impairment to the organization’s business model, reputation and financial condition from failure to meet laws and regulations, internal standards and policies, and expectations of key stakeholders such as customers, employees and society as a whole.
This definition, put forward last year by PricewaterhouseCoopers, means that you can damage your business with behavior that can be legally defensible, yet not socially acceptable. The global executives surveyed by PWC agreed that compliance with government- and exchange-mandated rules is less important in avoiding risk to reputation than internal codes of practice.
Yes, one has to adhere to the law, but that’s not enough. The task of protecting stakeholders, including the environment as a whole, is much more onerous than just what the law requires. And that’s because the regulations are always a little behind when something becomes unacceptable to society.
Thus, what is thought of as sharp practice by informed customers today can become the subject of regulation tomorrow. Businesses that want to be regarded as socially responsible need to go further than existing mandates to establish their own internal codes and practices, and to develop a culture of compliance that comes out of attitude and desire rather than solely out of regulation. Following existing rules is not enough. Modern enterprises also must develop a sense of stewardship.
The compliance department alone cannot resolve the inherent conflict of interest between the desire for profit in an organization and its duty to wider stakeholders including the community in which it lives. Both outside regulations and internal rules are meaningless if there is a culture of noncompliance in an organization.
Developing a culture of compliance means using a sense of stewardship to look ahead, and make organizational changes from within BEFORE the outside rules change. Make them out of a desire to put the long-term well-being of the larger society first, rather than only because the regulators say so. Interestingly, many of our customers seem to be doing this — implementing EH&S policies that are ahead of those government mandates. They would rather be viewed as trend setters than reactors.
Tags: compliance EH&S environmental compliance operational risks
Entry Filed under: Operational Risk Management, Corporate Responsibility, Corporate Governance
3 Comments
1. Mike | July 30th, 2007 at 5:18 am
I really appreciate your thoughts regarding developing a culture of compliance within an organization rather than waiting for any regulation to come into existence for implementing policies to regulate it.
2. compliance advisor | September 20th, 2007 at 4:34 am
Enforcement of compliance regulation is a must for many organizations, but implementing, establishing and maintaining the same is a tough task due to complexity and cost. Training-hipaa.net website provides a wonderful and valuable template suite which any organization, small or big, can use to meet their compliance requirements for HIPAA, Sarbanes Oxley (SOX), FISMA, ISO 17799 or any other regulation/standards requiring business impact analysis, risk assessment, disaster recovery planning (DRP), business continuity plan (BCP) and Testing & Revision of Plan.
3. Robert Johnson | September 21st, 2007 at 9:11 am
Thank you for commenting. HIPAA is an important area for the enterprise and part of the larger governance, risk and compliance profile for a portion of our clients. It is, however, outside the scope of this blog. My own passion is environmental, health, safety and crisis management issues in the enterprise, where patient privacy is customarily not an issue.