In the almost seven years since the passage of Sarbanes-Oxley, compliance and risk professionals have worked diligently to be in compliance with the law and sustain an ethical culture. You would think more than two-thirds of a decade would be sufficient time to get it right, but that assumes Sarbanes was all they had to contend with. Unfortunately, during this period of time more than 18,000 additional laws and regulations have been passed in the United States alone. Each requires either a cursory review or the direct attention of CEO’s, Boards, or compliance professionals.

Recognizing that compliance is a moving target, organizations must determine their long-range compliance strategy. Will they study and define a minimum set of standards to achieve compliance or seek to fund and refine a very broad set of initiatives to ensure minimal out-of-compliance risk –- or something in between?

Having worked closely with compliance professionals for many years, I know they will admit three things are true.

First, compliance and regulatory pressures continue to grow. (If in doubt, all one needs to do is look at the most recent wave of new requirements attached to the Stimulus Act, because many of these have a rippling effect that is staggering).

Second, they are currently faced with a difficult economic landscape; organizations are looking to mitigate risk while optimizing their compliance expenditures – in other words they are challenged to do more or the same with less.

Finally, an organization that only develops and adheres to a minimum set of initiatives – what the Open Compliance and Ethics Group calls a “mandatory boundary” for their compliance spectrum – will find that once they realize they are approaching that mandatory boundary they are generally already out of compliance.

In order to determine the optimal compliance boundary for your organization, it’s useful to consider the complexities by following the framework outlined below. There is a direct correlation between the amount of knowledge you have access to and the unknown risk potential you face.

The pace in which our world runs is not slowing, nor is the number of requirements we must follow to operate and capitalize on opportunities. Organizations that seek to manage their operational fraud and compliance risks by solely imposing rule after rule will never keep pace with change and their workforce will never think for themselves. Only after we inspire our organizations, employees, and supply chain to reason through a lens of integrity, self-govern their personal actions, and influence the actions of their peers will we ever be able to achieve compliance with the law and maintain an ethical culture. By establishing an ideal risk profile and learning to live comfortably within the voluntary boundary that you construct, your organization can create a culture for sustainability and long-term business success.

The full article is available at Corporate Compliance Insights.