Putting controls in place isn’t enough if you want people to actually do good behavior. Tegan Gebert, Chris Audet and Doug Eckstein of Gartner argue that it’s up to compliance leaders to be coaches for the business rather than just system engineers.
Despite strong motivation among business leaders to manage risk and compliance, Gartner research suggests that only one-third feels confident in their ability to do so. Traditional approaches, such as policy distribution and annual training, are falling short of building the muscle memory organizations need to keep pace with today’s fast-changing regulatory landscape.
The traditional approach to risk management is being challenged by the increasing speed, complexity and cross-functional nature of modern risks. This shifting environment calls for compliance teams to do more than oversee controls; they must empower business, risk and control owners to work together more proactively and effectively.
It’s important to build “risk reflex,” a culture where risk ownership and response are instinctive across the organization. For compliance, this means making it harder for the business to bypass the right behaviors by embedding controls more directly into business platforms or workflows, encouraging the business to think critically by asking…
