organisation size and compliance 2888

  • Hi all
    many time, during the start of implementation of compliance, people resist arguing that their are just small organization, have just one customer, …etc.
    is there any exclusion of compliance because of size of organization.
    would you please advice how to convince people that it isn’t about the size of organization. Even it is obvious for me, it is pretty complicated to convince people
    hints are welcome

  • The key is to have the ‘tone at the top’ where management sets a good example to do the right thing and supports having good controls in place. It doesn’t matter what size the business is, having good controls in place is the right thing to do. All SOX did was require us to test those controls to ensure that they were really in place and functioning properly.
    Obviously, the size of the business will dictate the types of controls. It is important in any size business to have proper segregation of duties and where there are conflicts in the SOD, then have alternative controls identified to mitigate any risk. We always used the example that in our personal lives, we want to reconcile our checking accounts and review our credit card bills regularly. If we don’t do that, we would never know if someone had unauthorized access to our accounts. We also use the example of locking our doors both in our homes and in our cars when we are away from them. These are example of controls that we have in place in our personal lives. We should do no less in our workplace where there is much more at risk.
    Goood luck in convincing your teammates the value of good controls.

  • Hi kymike
    thanks you for advice and examples: yes it give me some ideas to give to my colleagues
    happy new years

Log in to reply