From Worldcom to World-Class

Compliance demands are a part of the business landscape. Compliance pressure builds with globalization and its technology acceleration; increased economic, societal and cultural connectivity; speed of business; modernization; and even the spread of free-market capitalism. Globalization can be characterized by these environmental stressors:

• Security stressors as organizations and individuals seek to adjust to disruptive events such as the Sept. 11, 2001, attacks;

• Competitive stressors as organizations create new global competitive platforms for people, processes and technology;

• Psychological stressors as individuals struggle to adjust to new pressures and new ways of working; and

• Economic stressors as the effects of the new competitive and technologic platforms ramify through national and transnational systems.

These environmental stressors create new rule sets, as well as gaps between old and new rule sets. Rule sets are defined as the principles and standards that emerge to govern the actions of organizations and individuals. In response to globalization’s environmental stressors, rule sets change and evolve. But new rule sets are sometimes in conflict with each other as well as with established rule sets. In response, legislators and regulators create new laws and regulatory requirements to seek equilibrium in a rapidly changing and sometimes uncertain environment.

• Security Rule Sets: Sept. 11, 2001, prompted a sweeping array of changes in security rules. The attacks forever transformed global security, and in an instant, wiped out U.S. citizens’ sense of security – their feeling of invulnerability to terrorist threats at home. As a result, Congress – seeking to create equilibrium in an unstable environment – passed a series of laws and regulations to make the U.S. more secure. Among these new regulations was the USA Patriot Act. For companies in critical infrastructure industries, the USA Patriot Act presents a pervasive new set of rules with which they must comply.

• Economic Rule Sets: A fast-moving global economy and its increasing democratization of wealth, ideas and freedom create a rapidly changing, disruptive environment. Technology enables 24/7 global processing of information in a worldwide economy, and this drives new standard rules of engagement between companies and their employees, and between companies and host nations. Complexity increases radically. New laws and regulations in multiple jurisdictions add an intense compliance burden to the existing challenges.

• Organizational Governance Rule Sets: Across history, we find that individual and social behavior – values and culture – lags behind technology and economics. Similarly today, rules governing business ethics, disclosure and investor expectation have lagged behind rules governing business pace and business technology. This disconnection plays out on a global scale. In this complex, fast-moving environment filled with interdependencies, things go wrong – from fraud, to bad business judgment, to misinformation and confusion. Both businesses and investors are harmed. Government steps in to close the gaps by applying still more rules in the form of regulation. The Sarbanes-Oxley Act is designed to close the gap between individual and organizational behavior, and economic and technological possibility, to restrict aberrant behavior and bring the rules of business ethics in line with the rules of business expansion.


The Result

The result is still more rules, intended to establish a better, more consistent, and more uniform operating environment for individuals, organizations, and national and transnational structures. We can argue the effectiveness of each new rule, but what is indisputable is that new rule sets dramatically increase complexity for organizations and individuals. In order to benefit from the new operating environment and to systemically lower complexity, all participants must adjust to and work within a new framework of requirements. They must systematically comply with a variety of rules.


How to Cope

A new organizational framework that fuses security, compliance, and business performance optimization into a single function can provide the solution. Leading companies and organizations can become resilient to the compliance burden – by embedding compliance rule sets into their core systems and their organizational DNA.

They can establish a platform for compliance with new rules and management of rule set gaps, just as they establish a platform for security and performance. The key to a resilient approach to compliance lies in the critical insight that the compliance function, and external factors that bear on it, are essentially rules-based. It’s ironic – and valuable to note – that our new focus on compliance is at once the result of, and the source of, new rule sets.

A new system that can automate and leverage rules in order to reduce the impact of environmental stress is resilient. Rules in this context can take many forms: regulations; performance metrics; previously undocumented institutional intelligence contained in the minds of employees; and the organization’s policies and best practices – all applied to its most critical business processes.

• Think strategically and identify from the top down the organization’s critical assets and the business processes that enable them.

• Establish the rules that apply to those business processes.

• Transform those rules into code so that the processes become automated and can be executed quickly, consistently, and effectively. The code must be kept up to date so that processes are always current with new and changing requirements.

• Maintain the transparency of these automated processes so they are visible to managers and senior executives who can then intervene and take direct action when needed.


Seek Resiliency

The advantages of this resilient approach to compliance are many. Automated responses are predictable and consistent – the risk of human error is greatly reduced. When compliance tasks are automated, the chance of error is greatly diminished. And when a business process has a compliance challenge, the organization is able to respond with a best-practices approach by invoking a series of actions that can address the problem and document the organization’s actions – often more quickly than a human could detect and respond. Fundamentally, a resilient approach to compliance minimizes the potential for human failure in the contexts in which it can do harm. It frees employees and managers to concentrate their judgment in areas where it can add the most value to the organization. The organization can now spend less time and money on compliance and go back to the primary task of increasing its value. Managers can focus on the highest-order tasks of creating and communicating a culture of quality and ethical behavior, and making critical decisions about how the organization will meet its compliance requirements – while at the same time leaving the mechanics of compliance to better-suited systems.

There are still more advantages. As noted, regulation is never static. New requirements are created and existing requirements are changed constantly. The sheer task of keeping up with the changes is burdensome and labor intensive.

And every change introduces more complexity and an increased risk of error. What if those changes could be applied directly to an automated system? Think of the compliance-focused equivalent of antivirus software – compliance code sourced from a library that is kept constantly up to date with regulatory changes and then downloaded to the organization so that its compliance systems are always current. The result is greater consistency, diminished complexity, and an overall reduction in the chance of error. Finally, a resilient approach to compliance creates advantages beyond consistency and speed.


Focus on Competition and Performance

In the context of compliance, globalization is a mixed blessing. It produces enormous benefits but also creates enormous stressors. Compliance is the result of new rule sets designed to respond to stressors and is a stressor in its own right. But by focusing on the fundamental nature of compliance – the fact that it is rules-based – a platform for resilient response is established. Essentially, a resilient approach to compliance is about the creation of platforms that confer sustainable advantage.

The best run – and valued – organizations will be those that raise their institutional maturity levels by embedding automated rule sets and compliance capabilities into their core operating systems – making those systems adaptable to a rapidly changing environment without disrupting their operations. An organization performs best when it can manifest a total, system-wide response that draws on all of its resources. Such a response allows the system not only to sense its external environment and distribute information throughout its internal structure, but to move quickly and act as a whole – blocking threats, mitigating risks, and taking advantage of opportunities.

A resilient approach to compliance is the answer – one that will mitigate the impact of new compliance rules and allow organizations to shift their attention back to performance and profitability.


Stephen F. DeAngelis is president and CEO of Enterra Solutions, LLC. He currently serves as a visiting scientist at Carnegie Mellon’s Software Engineering Institute and is senior fellow and adjunct professor at the United States Merchant Marine Academy.

"Appeared in DRJ's Summer 2007 Issue"
