Determine a sustainable compliance risk assessment initiative.
Imagine forcing employees to partake in a compliance risk assessment process by insisting that they participate, do the assessment as part of their daily workload with no recognition for their efforts, and then do a “gotcha” when it is determined that the employees were not promoting or adopting best practices to ensure compliance with the law. A really bad idea, right?
Knowing your organizational culture will help you begin your quest to start a compliance risk assessment process. Did you start this process with an edict from the CEO or board? Did you start this process with a grassroots initiative involving employees who may know that the organization is not complying with a specific law?
Customize this process to best fit your organization. Ask these questions: What works best at your entity? Does the CEO command the loyalty and trust needed to successfully start and implement this assessment process? Do your employees feel empowered to raise ideas to upper management with the presumption that they will be heard and that good ideas will be addressed? Or is the culture mixed—the CEO pushes the idea and leaves it to the employees to determine the who and what to make it work?