Why Is This Assessment Necessary?
For compliance to be effective, it must generate desired outcomes. These outcomes may include reducing violations and breaches, minimizing identity theft, enhancing integrity, and ultimately fostering greater stakeholder trust.
Realizing these benefits requires compliance to function as more than just the sum of its parts. Unfortunately, many organizations focus solely on individual components rather than the whole system – they see the trees but miss the forest, or concentrate on controls instead of the overall program. Too often, compliance teams work hard and hope for the best. While hope is admirable, it's an inadequate strategy for ensuring concrete outcomes.
To rise above being merely a collection of parts, compliance needs to operate as a cohesive system. In this context, operability is defined as the extent to which the compliance function is fit for purpose, capable of achieving compliance objectives, and able to realize the benefits of being compliant.
The minimum level of compliance operability is achieved when:
All essential functions, behaviors, and interactions exist and perform at levels necessary to create the intended outcomes of compliance.
This defines what is known as Minimal Viable Compliance (MVC), which must be reached, sustained, and then advanced to realize better outcomes.
For this to occur, we need a comprehensive approach. We need:
Governance to set the direction
Programs to steer the efforts
Systems to keep operations between the lines
Processes to help stay ahead of risks
All of these elements must work together as an integrated whole.