“These recommendations are great, but what should I do with them?” We all know that a best practice for any company in any industry is to periodically evaluate and assess the current state of its compliance program. Such an assessment, whether performed internally or by an outside consultant, should be completely objective with a clearly defined purpose. For example, some assessments may be designed to measure an organization’s preparedness for complying with a new law or regulation. Others may be broader in scope and seek to measure the effectiveness of a program (or aspects thereof) in mitigating an organization’s compliance risk. Irrespective of its scope, a good assessment can provide invaluable insights into a compliance program with important recommendations for improving its overall structure and effectiveness.
While feedback on your program is important, there’s a risk that the company will view the assessor’s recommendations as a check-box exercise. At worst, the company may race to complete the recommendations as quickly as possible, sacrificing quality and thoughtfulness in the process. Because each task completed is another checkmark on the “to-do” list and, thus, a measure of progress and performance, the recommendations are often prioritized based on ease-of-completion starting with the low-hanging fruit, first. This approach, while effective in quickly checking items off a “to-do” list, is often counterproductive and can result in a disjointed and inconsistent program.
Four Steps to Getting the Most Out of Assessment Recommendations
A better approach is to take a more holistic view of the assessment and…