Imagine if everyone created their own compliance programmes based on their knowledge rather than using an established compliance framework. While there would probably be some common features, there would likely be far more differences – differences in the references, the order of things, the keywords and the descriptors. The programmes would be difficult to follow, difficult to interpret and certainly difficult to compare.
Now picture being an investor, auditor or maybe a senior executive trying to review a company's compliance programme. Wouldn't it be tough to compare or even understand the content of the programme if everyone followed a different approach? The ability to understand the methods would be dramatically reduced, and the ability to compare would be virtually non-existent.
Think of accounting standards. Before we had generally accepted accounting principles and the International Financial Reporting Standards, everyone just did their accounts according to their own standard or their own preferred approach. Attempts to compare and review a financial position were difficult or impossible, and nothing was reliable. Without a baseline, no one could truly test and audit.
Standards make sense in accounting, and they also make sense in compliance. We may not always like every element of the standard or the way something is phrased, but we take the good with the bad and follow it anyway. We know that we can rely on it because everyone is doing the same thing.
In compliance, there is an established standard for anti-bribery, a newer general standard for any compliance topic, and new guidelines for governance. These standards are well established, produced by the International Organisation for Standardization, and available to use by any company or organisation – big or small, private or public – for minimal cost.
In most cases, your use and application of the standard can be validated by obtaining a certification, which is an independent audit by an accredited body to certify your use of the standard. This certification not only validates the use of the standard, but also validates the work that you have done on implementation.
If you are not basing your compliance programmes on a standard, ask yourself why. Using a standard just makes sense. Likewise, if you have been using a standard but have not yet gained a certification, you should think about that.
Things will be much easier if we all start to follow the same framework, proceed to certifications and use compliance as a competitive advantage.