COM is, very simply, identifying all the things that you are required to do and providing a mechanism to demonstrate that you have met your obligation. Only a few years ago you could count on one hand, or maybe two, the requirements that put your organization at risk. Today even the smallest organizations have dozens of regulatory, HR and contractual issues to manage. If your business takes credit cards, then you have a plethora of data privacy and data protection requirements that didn’t even exist 36 months ago. And if you have any social presence or operate in an environmentally sensitive industry, then you compound your COM with an assortment of social responsibility and NGO demands.
So my blog posts will talk a lot about risk and stupidity. I plan to share examples of organizations that simply ignored the warning signs despite their best efforts to train and advise their stakeholders. I will also share the stories of individuals who failed to exercise good judgment or, out of personal greed, put the organization at risk.
My goal is to be blunt and to the point, but at the same time share the positive stories of people doing the right thing. I hope you will join the conversation and if you ever think I am full of it – just let me know.