Drive a Connected GRC Program for Improved Agility, Performance, and Resilience
Power Business Performance and Resilience
Discover ConnectedGRC Solutions for Enterprise and Operational Resilience
Explore What Makes MetricStream the Right Choice for Our Customers
Find Everything You Need to Build Your GRC Journey and Thrive on Risk
Learn about our mission, vision, and core values
While the issue of cost of compliance to consumers and tax paying citizens is a well-researched fact, the cost of non-compliance is still an uncharted area measured mostly by fines and penalties paid by corporations. Those opposing the pressure of compliance, often argue that regulations only expand the bureaucracy, adding burden to its subjects or on the industries it regulates.
Regulatory compliance by enterprises could result in a positive impact on quality of the product and services that they generate. This could imply that the results of compliance can be quantified into direct economic value for the complying enterprises. Although this is not a tested hypothesis no one would dispute the fact that a significant body of regulations today, attempts to raise the quality of products to benefit (or protect) the consumers. One may ask if it is possible to quantify the gains so achieved. While the issue of cost of compliance to consumers and tax paying citizens is a well-researched fact, the cost of non-compliance is still an uncharted area measured mostly by fines and penalties paid by corporations. Those opposing the pressure of compliance, often argue that regulations only expand the bureaucracy, adding burden to its subjects or on the industries it regulates.
The popular press is full of articles these days, arguing that the recent Sarbanes-Oxley regulation is overburdening corporations. While there may be some truth to this matter, one should not forget the cost of non-compliance, which was borne by the shareholders of the numerous corporations who broke the inherent trust of the financial markets. In my judgment, Sarbanes-Oxley gives CEO's an internal mandate to institutionalize what most CEO's have always wanted and in many cases failed to achieve; Real-time documentation and controls on key financial and operational processes. The correct operating perspectives allow business executives to turn the focus away from the debates of the cost of Sarbanes-Oxley, and achieve greater competitive advantage through tighter process controls and metrics. These efforts will not only result in higher quality of financial controls and disclosures, it can further enhance the financial results through superior process automation and controls.
Taking an example from the food industry, a single cow with a dreadful disease could push businesses to the brink of bankruptcy, disrupt markets and spread paranoia worldwide. It is common knowledge that interested lobbies fought hard to stop cattle inspections and the industry did not heed FDA's sound advice to avoid mixing meat from downers into the cattle feed. The food industry abounds with such examples where massive amount of processed food have been recalled from the shelves because of lapses in the production process. Embracing the USDA recommendations with appropriate automation and tools, can give CxO's a way to define, automate and raise the quality of their food processing activities, delivering differentiated food products in the market, which the consumers can feel safe to consume. Although USDA regulations may seem expensive to organizations on the surface, complying with these stringent regulations provides for greater food safety and enhanced customer satisfaction, eventually leading to enhanced financial results for the company.
Besides food and drugs, occupational health and environment protection is surfeit with regulations as well. Strong lobbies are fighting regulatory controls tooth and nail to delay if not to limit, many of these regulations. One should not forget that regulations around global safety, OSHA regulations are increasingly becoming more critical for regulators as we inherently live in a "riskier" world post September 11th 2001. As we raise the quality of our safety processes, create better frameworks for corrective and preventive actions, build an infrastructure of emergency preparedness and disciplined audits, not only are we being more compliant, we are also raising the safety of our employees and facilities worldwide, eventually resulting in better managed safety and environmental risks for corporations. These risk reduction initiatives fundamentally translate to more predictable and sustainable shareholder returns.
One could argue that self-regulations are the best form of regulated controls as it imposes the minimum amount of cost on corporations and regulators. The proponents of self-regulations denounce the surge of regulatory controls and cite historical examples, where industry regulations have failed to work. The shift that these advocates of self-regulation fail to acknowledge. is that we now have a globally working communication infrastructure, the Internet, which allows a collaborative platform for regulators and corporations to work together across geographies and organizational boundaries. Using appropriate regulatory tools and processes, forward-looking corporations enjoy the benefits of increased effectiveness of regulations as well as a decreased cost of compliance. Maybe, we all need to rethink how we can leverage technology more effectively as we incorporate regulators and regulations in the fabric of our extended enterprise!