Comments on: Why Compliance Cannot be Delivered as a Service http://www.tuesdaynight.org/2008/02/15/why-compliance-cannot-be-delivered-as-a-service.html spots of thoughts: ian glazer and friends rant, rave and ruminate Fri, 16 Sep 2011 00:15:58 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: iPhone Insurance Dude http://www.tuesdaynight.org/2008/02/15/why-compliance-cannot-be-delivered-as-a-service.html/comment-page-1#comment-14843 iPhone Insurance Dude Fri, 03 Oct 2008 12:03:38 +0000 http://www.tuesdaynight.org/2008/02/15/why-compliance-cannot-be-delivered-as-a-service.html#comment-14843 I have to say I agree with Mark - the less people are involved with the issue of Compliance, the better, and the more it can be systemised, the better. We have a tricksy issue with compliance our iPhone insurance for Financial Services Authority regulation (UK government body). And it is ALL about systemising the process - and that involves systemising people - as cold as that sounds. We have done it successfully, but it has taken a vast and expensive amount of time. And I remain unconvinced as to whether it has helped the consumer in any way, shape or form. I have to say I agree with Mark – the less people are involved with the issue of Compliance, the better, and the more it can be systemised, the better.

We have a tricksy issue with compliance our iPhone insurance for Financial Services Authority regulation (UK government body). And it is ALL about systemising the process – and that involves systemising people – as cold as that sounds. We have done it successfully, but it has taken a vast and expensive amount of time.

And I remain unconvinced as to whether it has helped the consumer in any way, shape or form.

]]> By: IT Audit Rule #3: Compliance is not a byproduct of an Audit « Dave Rowe on the Power of Identity http://www.tuesdaynight.org/2008/02/15/why-compliance-cannot-be-delivered-as-a-service.html/comment-page-1#comment-14662 IT Audit Rule #3: Compliance is not a byproduct of an Audit « Dave Rowe on the Power of Identity Tue, 29 Apr 2008 18:19:06 +0000 http://www.tuesdaynight.org/2008/02/15/why-compliance-cannot-be-delivered-as-a-service.html#comment-14662 [...] while back there was an interesting debate between Mark Macauley and Ian Glazer about Compliance and whether it could be delivered as a service (CaaS). At the end of Mark’s [...] [...] while back there was an interesting debate between Mark Macauley and Ian Glazer about Compliance and whether it could be delivered as a service (CaaS). At the end of Mark’s [...]

]]> By: Compliance as a Service: Counter-counterpoint at tuesdaynight http://www.tuesdaynight.org/2008/02/15/why-compliance-cannot-be-delivered-as-a-service.html/comment-page-1#comment-14373 Compliance as a Service: Counter-counterpoint at tuesdaynight Wed, 20 Feb 2008 04:17:21 +0000 http://www.tuesdaynight.org/2008/02/15/why-compliance-cannot-be-delivered-as-a-service.html#comment-14373 [...] Thanks for keeping us honest Ian! I would be pretty blind to claim that overall regulatory compliance can be solved with any IT solution (…or set of …or service of). But I didn’t make that distinction in my previous post. But, is that the basic point you’re making? …that IT compliance is a subset of overall Compliance? Or is there more to it? [...] [...] Thanks for keeping us honest Ian! I would be pretty blind to claim that overall regulatory compliance can be solved with any IT solution (…or set of …or service of). But I didn’t make that distinction in my previous post. But, is that the basic point you’re making? …that IT compliance is a subset of overall Compliance? Or is there more to it? [...]

]]> By: Mark MacAuley http://www.tuesdaynight.org/2008/02/15/why-compliance-cannot-be-delivered-as-a-service.html/comment-page-1#comment-14368 Mark MacAuley Sun, 17 Feb 2008 04:06:42 +0000 http://www.tuesdaynight.org/2008/02/15/why-compliance-cannot-be-delivered-as-a-service.html#comment-14368 Ian, I always love mixing it up with you. I will respectfully argue that compliance is not about people other than the operational change a person must execute to be compliant. I will also argue that because people are involved, the more risk is present to not be in compliance. Compliance in its purest form is group behavior modification that comes about by one's behavior ('One' referring to a company/organization/person) being made transparent and available for scrutiny. It is designed to make us honest, keep us honest, and provide a set of rules we all need to play by. In a way it's a lot like art - people will interpret the same painting, sculpture, etc. different ways. That is why the less we involve people in compliance the less margin for mis-interpretation can exist and the better off we can be. Compliance is 100% cost at the end of the day, and companies who have figured out that it is in their best interest to automate every process to be compliant, and automate the measuring of that process, and communicate that the right process exists, will be followed, and if it's not, people all over the company will know, and know quickly. It is different lenses looking at the same thing... Ian, I always love mixing it up with you.

I will respectfully argue that compliance is not about people other than the operational change a person must execute to be compliant. I will also argue that because people are involved, the more risk is present to not be in compliance.

Compliance in its purest form is group behavior modification that comes about by one’s behavior (‘One’ referring to a company/organization/person) being made transparent and available for scrutiny. It is designed to make us honest, keep us honest, and provide a set of rules we all need to play by. In a way it’s a lot like art – people will interpret the same painting, sculpture, etc. different ways.

That is why the less we involve people in compliance the less margin for mis-interpretation can exist and the better off we can be.

Compliance is 100% cost at the end of the day, and companies who have figured out that it is in their best interest to automate every process to be compliant, and automate the measuring of that process, and communicate that the right process exists, will be followed, and if it’s not, people all over the company will know, and know quickly.

It is different lenses looking at the same thing…

]]>