Compliance status vs. compliance programs: What's the difference?

Jennifer Vogl (jennifer.vogl@cdw.com) is a Governance and Compliance Manager at CDW in Madison, Wisconsin, USA.

This is the first of a two-part series on organizational compliance posture.

Your organization has passed the audit. You have your attestation, certificate, or final report, and you’ve met the demands of your customers, stakeholders, regulatory agencies, etc. At this point, it’s nearly impossible for someone on the outside to see what it actually took to pass the audit or your overall compliance posture, and the people outside your organization might not actually give it a second thought. So, if that’s true, should it matter to anyone inside the organization? The short answer to that question is “Yes.”

In this two-part discussion about compliance posture, we’ll be able to examine the difference between having a year-round compliance program and having a point-in-time compliance status (yay, we passed!). We’ll address both how you can know which applies to your organization and how that compliance posture can make a huge impact. Simply put, your organization should care about its compliance posture. Regardless of your position within the organization, from the operations team member to the compliance specialists and all the way up through the executive leadership, there is a significant difference between having a robust, continuous compliance program and the urgent flurry of compliance activity required to just pass an audit. Every single operations or compliance team member will notice the difference in resource allocation and optimization. Leadership team members and stakeholders will feel the difference in the ease of audit process and completion, as well as the impact on financial, reputational, and compliance risk. Most importantly, and counterintuitively, it may actually save money and reduce resource burdens by choosing to have a compliance program over momentary compliance status.

Before we decide where we are going, though, we should figure out where we are. A map is a great tool, but only if you know your starting point. So, what is your organization’s compliance posture? Do your team members and leaders have a strong sense of confidence in the organization’s compliance posture via programs that provide ongoing feedback and measurement? Or, instead, do your team members and leaders have a fleeting feeling of success associated with passing a particular audit? How do we even begin to answer these questions?

This document is only available to members. Please log in or become a member.


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field