The Clever-Risk Compliance Method
by The Lazy Anarchist.
What to do in the face of the onslaught of laws, regulations, frameworks, directives and so on?
Misaligned requirements: sounds familiar, anyone? Making sense of the ocean of compliance makes me think of a valley of broken dreams. What is the point of compliance and governance, why do we have to have it, and why is it so vast and uncertain?
What we know is that there are wise people living in different parts of the world, and they are trying to protect us from ourselves by implementing continuously changing rules as we keep making bad decisions for ourselves. I am not going to talk about this part here; I have covered it in another related piece.
Even though science tells us that eventually the lights will go out and the sun will not rise as expected, we can assume that, relative to our puny existences, it will keep on rising perpetually. Similarly, there are some things we can safely assume will go on.
Take, for instance, idealistic common sense versus the naturally corruptible human mind as the justification for the proliferation of regulations and frameworks that we must comply with.
Is there an end in sight? The dirty answer is, no.
As the regulatory bodies continue to update laws and various standards of corporate operation, we can be sure that we need mechanisms to keep up with the pace of change.
Nothing new here: every company that has survived to the current day has already figured out how to navigate its compliance landscape. The challenge, though, is that this is usually an effort that smaller companies, at least, cannot afford to fully satisfy.
Usually, companies comply very loosely, live out their lives in ignorance, get lucky most of the time and cash in on all that giddy optimism in life. It is like that adage: it is not a matter of "if" but "when" a cybersecurity breach will occur.
So why is it difficult for companies to comply? I don't know, because even this confuses the celestial observers.
Well, I am egotistical enough to take a stab at it.
Thankfully, we lazy people are quite innovative when it comes to hard work. I worked hard all my life to become a lazy bum, across all aspects of ICT and business, and I realised that the general approach across companies and across countries is that they usually have a prestigious department called something like Corporate Affairs, with some mystical process like Enterprise Risk Management, and all-powerful committees like the Board Audit and Risk Kumite, and so on.
These are the basis of the red-tape bureaucracy that is required to meet the requirements of the compliance gods. This is the solution, but it does come at an onerous cost, to smaller companies at least. Knowing that you are complying with everything you should be complying with comes at a premium of time and cost; then you have to implement the required controls, then provide oversight with checking and reporting, and then further external audits and certifications on an annual cycle. Yet companies have survived and kept out of the red for the most part, I think. However, there have to be simpler and smarter solutions to this problem.
Together with C-xO, the right engagements were made and we have come up with a model that addresses this problem. The Lazy Anarchist strikes again, and in collaboration with C-xO.com's research and development division, we are in the processing phase of a new set of service offerings, coming soon...
I have learned that the nob machines and cookie cutters are necessary, but we can improve and find better ways through the maze... The Lazy Anarchist.
