Compliance monitoring. Sounds fun, right?
Well, maybe not, but it’s something that every organisation has to deal with.
There are all kinds of requirements to meet and they come from various sources: legislation, policy, standards, guidelines.
So, how do you continuously keep track and ensure that you meet all of them?
Auditor friends, don’t shoot me but…the truth is that you don’t. You can’t.
Maybe you could in an ideal world with unlimited resources or full control over what you take on.
But, in the real world, we have to pick our battles.
So, what does this mean? Well, in my mind, it’s being mindful of three things.
First, it’s not an all or nothing game. It’s not about following a ‘hope strategy’ (hoping we comply) nor about being super organised and tracking everything (no requirement left behind!).
Second, not all requirements are created equal. Some are high-risk and breaching them may significantly impact safety or may lead to a loss of your licence to operate. Then there are others that are not as detrimental to your continuity, like using the recommended font in internal communications.
Third, ‘self-awareness’ is key. Do you know what you need to comply with? Have you figured out which requirements really matter? Where are you on the spectrum between a hope strategy and a tick-every-box approach?
Answering these questions will tell you where you need to start.
If you’re closer to a hope strategy and your executives are nervous about signing off on annual declarations, start by:
triaging your requirements into three categories (such as high, moderate and low risk – no need to overthink this)
identifying the types of monitoring activities needed for each category (for high-risk requirements you might need regular exception reporting or compliance auditing and for lower risk ones you may not need any active monitoring at all)
developing a high-level action plan for introducing new or strengthening existing compliance activities, including prioritising the high-risk requirements in your timeline (again, no need to overthink this – a simple table will do).
Sounds doable, right?
Well, yes, but sometimes we are so overwhelmed with the fear of being suddenly caught out by a major breach or with the amount of ever-increasing requirements and commitments coming at us, that it all seems too hard and we don’t even make a start.
I compare this to the time I decided I was finally going to get on top of my housework (don’t laugh, but I am a bit of a homemaking enthusiast).
I really wanted to have a clean and tidy house but always struggled with my ‘all or nothing’ approach to home management. I would overfocus on work and do very little housework during the work week, then would go crazy on the weekend and return to work exhausted on Monday.
I didn’t have many established routines so there were times when I missed things and would be washing school uniforms late on a Sunday night or would need to do major cleaning before a dinner party – exhausting.
Finally, I made a list of all of my household chores and figured out which are the most important ones, that need to be done daily and weekly. Everything else was considered deep cleaning and was dropped until I had set up and stuck to the daily and weekly routines for an extended period of time.
I eventually created routines that I could manage around my work schedule and energy levels, prioritising healthy food and clean clothes over tidy wardrobes and spotless floors. It took quite a bit of effort to test and figure out the best routines, but the important thing is that I made a start and then tweaked things along the way.
Now things run much more smoothly - I don’t miss the big stuff and I worry less about the little stuff.
I hope this is helpful.