Regulatory Compliance for the Small-to-Medium-sized Enterprise (SME)

Here's a LinkedIn GRC comment from Sanjay N: "A lot of the attention is on the Compliance management problems of the larger companies but the challenge for the smaller companies with their limited staff, budgets and bandwidth is perhaps even greater. Cloud-based systems probably offer some help but let me ask the compliance experts here – are the challenges real and if so what can small companies do to stay ahead of their compliance requirements?"

Here's my response:

I love this topic, Sanjay! It's probably the most important question that we fail to address. It's an especially relevant topic for the Small-to-Medium Enterprise (SME) where each step in the GRC foundation-building process is mission-critical.

We all should know, from the outset, that technology insertion and employee adoption are not only difficult, they're a HUGE issue and challenge. As Michael Hammer always says, "The Soft Stuff is the Hard Stuff", meaning that dealing with human change and technology adoption is the top risk that most system implementation projects usually miss BIG-TIME!

With that said, our firm is now starting to recommend a two-fold strategy for the smaller firm to get themselves from the starting line into the world of GRC in a way that enables them to take small bite-sized chunks. We recommend that the firm invest in a solid GRC mapping product for compliance requirements traceability that enables the employees to get up to speed in understanding the industry regulations that drive their world. If you need some guidance on what a GRC mapping product is, contact me off-line and I can help you out and get you some third-party assistance.

Category: GRC for SME

