A2. If you view regulation and compliance through the lens of being an unfair burden on your business then you just try to minimize your spend. Let things drop and pay fines. But that is just transferring your risk to society. A better lens is "quality". Provable quality.
A1: Silo’d understanding of world by policymakers creating continuous attempts 2 control & regulate inherently complex and diverse reality, managing for all exceptions instead of starting from the assumption that mostly everyone is honest & trustworthy. Mechanistic worldviews.
.@MPelletierCIO totally agree. Working with #CPAs recently I think they are a good asset for this. Ask them for insights they are seeing across their clients.
I struggle with this because Compliance only seems to get noticed when things go wrong as its function is so difficult to quantify. Key risk indicators could help but I believe a culture shift is needed to place additional value on back end employees.
A2: ROI is almost always challenging. Being compliant means that our C-suite is not going to jail and that your investors/stakeholders are assured business continuity. I would start though, by looking at what you're not able to cover based on Q1 issues and start there.
A2: Many organizations have accumulated non-compliance for about two decades. Thus, today's compliance efforts are not an investment, but ought to be considered as expenses saved in the past.
Absolutely. Just like technical debt in software. You can "cheat" for a while, but if you repeatedly only focus on the short term and what is expedient, you get yourself in a sticky place and it gets more and more expensive to "get right".
Q2. It's a bit out of my personal wheelhouse if I'm being honest, however last week I was fortunate enough to hear from a panel of experts who I'll paraphrase: we haven't figured out returns per se, it's often about identifying financial liability of a misstep and working it back
A1. The age old 'do more with less' is what I keep hearing is the stretching. Teams then resort to #sampling, and that's due ever changing requirements let alone expanding #data. I see #AI as a big help in reducing this need.
Moving from manual to automated processes as much as possible is the only viable approach, and then using emergent technologies to expand the scope of what can be automated.
