E&C Assessments - Part 2 - Compliance Maturity

In the last newsletter, we discussed external assessment tools - mainly external risk analysis. Now, compliance maturity.

We’re not concerned so much with having but doing. Having a driver’s license doesn’t help us determine the likelihood of our causing an accident. How well we were taught, our risk awareness, experience, situation, conditions, and other factors might be more salient data. How then to establish this is a compliance context? How about assessing our ability to prevent, detect, and respond to possible issues?

What?

The three steps below will be familiar to all risk aficionados. In this compliance context, the image below summarises what the assessment covers.

I’m speaking to a sophisticated audience here, so I need not labour the point and delve further. However, I will emphasise the labour it took to create the reports that whistle to your inbox after you take the survey! Your report is customised to your score (high, medium, or low) across each area (prevent, detect, respond). Ain’t tech cool? To generate the reports required thousands of words of text and analysis, distilled down to the customised 3-5 pages of data you’ll get.

Why?

Why would I do this? I asked myself the same question repeatedly. At times, I cursed the mission. You know, the one I’d come up with. The goal for Ethics Insight was always to democratise access to risk advice and support. Part of that involves the content generated here, including the videos and infographics. But what was lacking was a cogent and consistent narrative across the main areas of compliance in one place.

The report is generalised (not bespoke to a sector or location). It is also free. I aim to make risk relevant for the many people who find it confusing and burdensome. Customisation can come after establishing a baseline - start somewhere.

I’ve realised over the past 3-4 years that many of the organisations at the sharp end of risk (SMEs especially) lack the time, confidence, and (less often) the know-how to manage risk. As larger MNCs, multilateral agencies, governments, and the rest kick compliance requirements down, where do people without significant (or sophisticated) risk and compliance teams go? How do they decide where to start? Who supports them?

A PDF following a 20-question survey will not solve all of that, but it’s a start.

What next?

After this beginning, there will be more. We’re furiously working on an update to the Ethics Insight Platform - scheduled for an autumn (fall) release. The 2.0 will provide near-freemium access for those folks dipping their toes in the risk management ocean. The catch? We will use the insights and data they give us to build better resources, content, metrics, and assessments and provide real-time analysis for the enterprise customers (including by sector and location).

The 150+ pieces of risk management content currently on the Platform will continue to grow. The idea? Well, my brother helped. He works in sustainable agriculture. We're borrowing those concepts to create a risk assessment, treatment, and support ecosystem.

A community. A place to share knowledge, questions, and learnings.

For now, though, have a look at the compliance maturity assessment. I hope it helps. Let me know.