A new study by the Ponemon Institute shows organizations that perform internal audits spent less per capita on compliance than those that didn’t perform internal audits.
Larry Ponemon, chairman of the Ponemon Institute, commented: “I believe that the reason why internal audits reduce compliance cost is that they help prioritize the organization’s overall compliance efforts. This leads to greater efficiency in managing the total compliance burden. In other words, companies that do not conduct audits appear to be less efficient in their ongoing program management of data protection and privacy efforts.”
From my experience and from lessons learned, I agree that “ongoing program management and ongoing internal audits” are crucial to an organization’s bottom line and important for keeping up with constant change: new regulations, new risks, higher scrutiny in audits and mounting lawsuits.
But…is a binder full of policies ongoing? Nope. Is an electronic intranet or shared server full of policies ongoing? Nope. Is having your people go through online general training once-a-year ongoing? Nope.
What if your people were reviewing your policies, procedures, risks, expenses and efficiencies on an ongoing basis and had the ability to anonymously offer their feedback and report incidents on an ongoing basis?
This study reveals the obvious (including the potential for cost savings), so hopefully organizational leaders are paying attention and will become more open to transforming their outdated, status quo approaches to compliance and risk management sooner rather than later.