Compliance isn’t a bad state to be in, but it’s not where you want to stay if you have designs on being an industry leader or if you want to at least keep up with the pack. Why?
There is de facto compliance – we comply with our own and society’s moral and ethical guidelines. The vast majority of us treat others the way we would like to be treated – with honesty, fairness, empathy, trust, and decency. We are taking care of our customers’ needs primarily because it’s the right thing to do and secondarily because it’s good for business.
Then there is de jure compliance – the kind most of us don’t need and don’t like. Laws are written for the lawbreakers. Laws like The Public Company Accounting Reform and Investor Protection Act (SOX, for short) are classic cases of “closing and locking the barn door after the horses have escaped”. They impose a penalty .
I am saying that the vast majority of us don’t need laws – or standards – because we’re already doing more than they are mandating without need for oversight.
You must understand that laws and standards set the “floor”, the base level of compliance. They say, “Here’s the least you must do to be in compliance.” Typically, this consists of following rules or guidelines for reporting what your organization is doing to comply with requirements.
As long as you continue to do the bare minimum, you’re OK. That doesn’t mean you’re always acting in the best interests of all your stakeholders, including:
- Suppliers and outsourcers;
- Employees; and
Individuals and entities like these aren’t looking at your compliance record. They’re looking at more important issues, such as how efficiently and effectively you meet their requirements – requirements which are much stricter and easier to understand than any requirements legislators might dream up.
In other words, while compliance may be sufficient for some, don’t let your company fall into the “compliance trap” and miss the forest for the trees. Don’t merely settle for good when you could be great.