In the previous two blogs, we saw how Protection of Rights and Economic rationales influence public policies and the compliance regime.
In addition to these two reasons, companies set certain internally designed business policies for the betterment of the business. An example of internal compliance is when the accounts department follows the company’s policy, reconciles cash and bank accounts at the end of every month, and reports to the internal auditor.
In this write-up, I will touch upon this crucial rationale, which infuses much-needed strength into running a business in contemporary times with operational effectiveness and efficiency.
Internal Control
Rationale 7: Safeguarding data and technology infrastructure through internal control
The proliferation of the digital economy comes with security concerns about valuable digital assets, including data and technology infrastructure.
Adherence to several security standards such as PCI-DSS, ISO 27001 and MFA standards, and to internal controls such as SOC 1 & SOC 2, has become the norm for gaining customers’ confidence and trust.
It’s not surprising that companies give a lot of weight to these factors when choosing their partners, as a breach of process and standards may have wider repercussions and can even strain the relationship between partners.
Can any company, in today’s economy, think of expanding its global footprint without adhering to these standards?
The fact remains: if you don’t adhere to the standards driven by internal control, you risk losing potential business opportunities.
Strong internal control and compliance form the core that enables companies to forge durable partnerships across boundaries.
Conclusion
Compliance is necessary for multiple reasons: Protection of Rights of individuals and businesses, Economic reasons, and Internal Control leading to best practices.
Whatever business you are in, be it manufacturing, healthcare, services, finance or another, you are bound by these rationales of compliance. Some of the rationales cut across all industries. The best approach is to remain aware of the nuances of compliance requirements and keep watch on future developments that may affect your business.
Research inputs by Manas Bairagi