Like location is key to a successful business, communication is important to a successful compliance effort. And if repetition means anything at all, it's very important. I've heard and read variations on the same theme from several different sources in recent days.
First, Axentis VP Brett Curran reminded us that ethics officers set the tone for behavior in their organizations largely by communicating those behavioral requirements with consistency and in vernacular (er, language) that employees understand.
Then I found this Management Today piece, which emphasizes the importance of decency in the workplace. Its most valuable nugget: Never underestimate the power of the "two minute schmooze."
And today, InfoWorld's coverage of the Security Standard Conference focuses on the importance of good communication between IT and internal auditors -- or even external auditors -- when it comes to IT audits. Says writer Matt Hines:
[T]he collection of seasoned compliance and auditing specialists called for an end to the turf war that tends to materialize when internal and external auditors begin running their reports.
By fostering a more cordial relationship between IT departments and auditors, and pushing the groups to engage in more comprehensive exchange of ideas, businesses may be able to lessen the pain typically associated with allowing for the systems assessments.
Such cordiality, the story says, allows the various groups involved to better align their goals. PricewaterhouseCoopers partner Rick Boren notes that it also better enables the auditors "to tailor their work to suit the operational demands of each business."
Beware though -- the line between cordiality and collusion could be very thin indeed. As Francine McKenna pointed out in an IT Business Edge interview earlier this year:
We need more integrity on the part of the firms and more enforcement of this integrity by their clients. Although making these calls is tough and adds an extra burden to the clients to find competent staff to work on the myriad of issues some companies face, it is a necessity for maintaining integrity of the process and of the results.