It’s another week of Intreis Myth Busters! In the last post, we debunked “Internal Audit will detect any problems that exist”, and today we will debunk ‘Technology will make us compliant’. And that… reminds me of the story below.
A few months ago, I chatted with a friend overseas who excitedly shared that she just had an advanced, high-tech, security system installed in her spacious house. With all of the services, bells and whistles that came with it, she felt so ‘covered’. But then a month later, I learned that the same system had been de-installed. When asked why, she explained that she was the only member of the family who knew how to operate the system, and apparently the system was overly sensitive, triggering many false alarms. When the alarm went off, they didn’t know what to do, how to disable it, or who to call, which was causing a lot of stress and confusion for the family. After a few incidents, they decided to end the adventure.
While the story may give us a chuckle… it sounds a little too familiar. Many people believe that implementing powerful technology solutions will make them compliant (‘covered’). Well, maybe one day it will be that simple, but don’t count on it to come anytime soon, or ever. It takes much more than technology to make an organization compliant.
Let’s go back to the basics, to the days where the phrase “People, Process, and Technology” was the buzz phrase of the century. You will have a far better chance of being successful and compliant if you consider these three key elements.
People
To start with, get the ‘People’ side right. Employ the right people with the right attitude – you can train skills but not attitude. Educate them on what they need to know, what the initiative is all about, and make them aware of how their contribution impacts the big picture – it’s empowering!
Also, ensure that executives or senior management are committed to the initiative; without that, the chance of being successful is slim to none.
Process
Next, how many people think that technology will solve their process issue? It is true that nowadays technology companies try to incorporate best practice processes into their products – is a good example, offering an IT Service Management solution that is based on the ITIL v3 framework. While it can certainly jump-start your effort, it does not eliminate the need of establishing, examining, and designing your processes. Remember that processes should be technology-agnostic. While you are at it, consider all of the compliance and regulatory requirements that apply to your organization. Understanding processes and regulatory landscape will help you make a better technology decision.
Technology
Finally, with well-designed processes, select technology that can support them and increase organization’s effectiveness, efficiency, and compliance. Don’t do the reverse! If technology is implemented without having process in-place and people are not trained appropriately (on both process and technology), you set yourself up for a hard fall.
Summary
Myth: ‘Technology will make us compliant’
Fact: Technology is an enabler – However, technology alone will NOT make you compliant. Technology is only as effective as the Processes that wrap around it, and Processes are only as good as the People that follow them. To be compliant, thoroughly consider the People-Process-Technology aspects – and setup controls in each area to ensure that objectives are met.
Come back next week, when we will debunk the myth: ‘We don’t have enough resources to achieve compliance’. In the meantime, if you have been in a situation where people believe that technology is THE ticket to compliance or success, share your experience…we’d love to hear it! And don’t forget, tweet us your least favorite Compliance Myth !