Saying what you will do and doing what you say is essential for organizations where staying between the lines is critical to mission success. If you want to lower your risks you need to foster a culture of integrity across all levels of your organization.
For compliance, integrity is manifested when organizations take ownership of all their obligations and hold themselves accountable to them.
In order to say what you will do requires that you first know what your obligations are. This means taking inventory of both regulatory requirements and voluntary commitments.
Companies must then set appropriate organizational outcomes, targets, and goals commensurate with their level of commitment and operational risk. The way that companies say what they will do is by documenting their promises usually in the form of policy.
To be effective policies must be put into practice. This is demonstrated when organizations operationalize their promises by embedding compliance objectives into programs, systems, processes, and procedures. You can call this compliance-by-design but it is really just ensuring that you do what you say.
This is still not is not enough. Organizations must also hold themselves accountable. In fact, they must regulate themselves to provide assurance that they meet their obligations today and will meet them in future. Sustainability is the goal and integrity is the means. This involves continually evaluating performance and effectiveness of risk & compliance programs.
Culture is a remnant of our actions. Organizations that continually say what they will do and do what they say will build and strengthen a culture of integrity.