I am devoting my governance tips this summer to talking about compliance. I have designed an acronym to help us achieve the goals that have been set by our organizations. The acronym is COMPLY and I have already talked about:
C= communicate the policies,
O= observe behaviour to determine compliance.
M= measure the compliance.
We are up to P and I have two possibilities for P.
P = prevent and/or penalty
The friendliest one is prevent. After you observe and measure, you may find that stakeholders are failing to follow a rule. Question – is there any way that you can prevent them from breaking the rule? For example, if you don’t want people opening filing cabinets, then lock them. If you don’t want people walking on the lawn, then put up a fence. That is prevention.
Each policy should have a penalty for non-compliance, if you are serious about compliance. Example – If a board member does not attend meetings, then what will happen? If employees are always late for work – are there consequence? The penalties for non-compliance should be established when you first adopt the policy.
We care about the P in COMPLY because if there are no consequences for failing to follow a policy, then you will not have compliance with the policy.