The extent of the added value of the compliance approach depends on the scope and scope indicated by the management.
Control over company and personal data
MYOBI agrees on the TTP policy with all users. Users on the Trust Network make mutual agreements about various matters and (laterally) agree on how partners deal with the confidentiality, reliability and availability of each other’s business and personal data. Based on the TTP policy, partners use the processor, data exchange and/or management agreements. As a result of making agreements, an information ecosystem with company and personal data is created. The user presents himself to his partners with confidential, reliable, and available company and personal data, protecting his reputation. If each partner is accountable to society using the compliance approach, the information ecosystem contains confidential, reliable and available company and personal data.
An adequate information ecosystem is a precondition for the effective organisation of business activities. Users become interesting parties to do business with for (potential) partners. As a result, new sales channels are created, while transaction and relationship costs are modest and unpleasant, and costly escalations are avoided.
An adequate information ecosystem is also necessary for organising more effective business activities. For example, think of organising the corporate legal function or setting up and managing knowledge and change management. By organising the company legal function, the company management explicitly formulates the contractual obligations and thus makes the compliance approach explicit. Top management may ask department management to what extent rights are followed and responsibilities are met.
The compliance approach is designed so that it is easy to extend the system to other areas of accountability. The compliance approach that MYOBI applies is a combination of legal privacy obligations (protection of personal data under the GDPR) and directing company and personal data within the timelines of accounting for financial, social responsibility (particularly the annual accounts and tax accountability).
The company management is expanding the integrated compliance approach by:
- Add accountability obligations that have the same scope and scope as protecting company and personal data to the compliance approach. We can think of protecting intellectual property, business information and trade secrets (Trade Secrets Protection Act and the Data Governance Act), the DigiD audit for government, financial and healthcare institutions, or organising compliance with contractual obligations that lead to an ISAE 4302 statement.
- Increase the accountability domain. In essence, protecting personal and business data is not limited to the general infrastructure (usually the cloud platform). In practice, however, we see that when protecting personal data, management mainly focuses on IT security and less on the effectiveness of management and security measures included in business processes. The integrated compliance approach is broadened by explicitly including the organisation of business activities with business processes in the accountability domain.
The professionals at Duthler Associates, who take care of the compliance approach for MYOBI, are happy to discuss the possibilities of a company-specific compliance approach with the company management and management.
Knowledge and change management
As a result of changing legislation, business operations choices and advances in technological capabilities to better automate business processes, top management initiates knowledge and change projects that impact:
- The work processes of employees.
- Effectively organising business activities with appropriate business processes.
- IT systems that support business processes effectively.
A precondition for a successful change process is the change capacity of the employees: are employees willing and able to complete a change process. In the ADKAR model below, we discuss the different phases.
Employees often indicate why business activities need to be better organised, and sometimes the management initiates a change process. However, the desire to implement the change requires knowledge, and therefore, it helps that a prototype of the intended organisation is available. Then, after the employees have built up sufficient expertise and the management has further developed the prototype, the planned changes can be implementred within the organiation.
The compliance approach fits into this change process. Carrying out compliance activities at an early stage of the change process strengthens the “user story”, the prototypes and the final processes supported by IT. As a result, business activities are effectively organised, while realisation costs remain manageable.
Organising business activities with more effective business processes in whichever more effective management and security measures are included and where IT plays a more critical role requires powerful management. Duthler Associates, who provides the compliance approach for MYOBI, helps companies successfully organise the change processes.