Measuring the Cost of Non-Compliance
Integrity is everything to an organization. If I could rebrand the Chief Ethics and Compliance Officer (CECO) I would call it the Chief Integrity Officer, but we already have a CIO in the Chief Information Officer. Ethics and compliance done correctly is the bastion of corporate integrity and corporate ethical culture. That is what compliance and ethics truly is all about.
Too often compliance is not seen from this perspective. Compliance is approached tactically, as a series of checkboxes: if we check the boxes, we want our get-out-of-jail-free card. That is a tactical approach, not a strategic one. Alternatively, compliance is done as an afterthought or is seen as the corporate police that is always getting in the way. This leads to greater compliance exposure, because compliance and ethics are not seen as a core part of how we do business. Too often it is approached with smoke and mirrors, with a focus on the bare minimum to get by, or by creating an outright fictitious compliance environment.
When it comes to compliance breaches and incidents, too often organizations fail to grasp the full financial impact of non-compliance. In my research and experience, you can break the cost of a compliance incident/breach into the following three areas (with others that I have not measured) . . .
[THE REST OF THIS ARTICLE CAN BE FOUND ON THE CLAUSEMATCH BLOG WHERE GRC 20/20’S MICHAEL RASMUSSEN IS A GUEST AUTHOR]