Compliance is ensuring that the requirements of laws, regulations, industry codes, and organizational doctrines are met, including contractual arrangements to which the organizational process is subject, i.e., externally imposed criteria.

In other words, compliance means following the rules that are set by people other than ourselves.

Because the nature of these requirements is remarkably complex if we were left to ourselves to comply with all the rules and regulations foisted upon us, do you think that we would be able to? Of course not. At least not all the time. No one reading this (and us as writers) can say that we have always complied with all laws and regulations. Who among us hasn’t guessed at the speed limit when no signs were posted, cheated in solitaire to finish the game, or broken/bent the rules? Not one of us.

Because of the complexity of the rules, we need to have measurable organizational compliance programs implemented to ensure that we follow all the rules.

Compliance programs aim to prevent or identify and respond to; breaches of laws, regulations, codes, or organizational requirements occurring in the organization. Compliance programs should promote a culture of compliance within the organization.

The organizational compliance program is instilled using compliance controls.

Compliance control is a process, effected by management and other personnel, designed to provide reasonable assurance that transactions are executed in accordance with:

1. laws governing the use of budget authority and other laws and regulations that could have a direct and material effect on the financial statements or required supplementary stewardship information and

2. any other laws, regulations, and government-wide policies identified in audit guidance. Organizational leadership makes this process of compliance control known to its staff through the publication of policies, standards, and procedures that must be followed unless a formal exception has been granted.

Documented organizational controls, in the form of policies, standards, and procedures guide organizational staff when conducting day-to-day operations. The reason these policies, standards, and procedures are called controls is that they guide and limit the actions of users abiding by them.

Therefore, when we say that an organization is in compliance, or complying, we are saying that they are following all of the rules and guidelines set before them by creating and implementing a compliance program that outlines and documents specific controls in the form of policies, standards, and procedures – and most importantly auditing or attesting that they are following those policies, standards, and procedures.

Do you have an opinion on this? If so, voice it HERE, in the discussion forum!