Vertex11

If compliance is the goal you could be setting your company up for failure. The secret to winning risk and control is first and foremost being sure you’re playing the right game against your adversaries. The fact of the matter is, when your moves are all about compliance, you’re playing “checkers.” But adversaries are not. It’s more important than ever to immediately up your game, and how easy it is for you to do so may surprise you.

Threats to your organization have never been more aggressive and sophisticated. The governmental safeguards that are in place are both inadequate and antiquated to provide sufficient cover for organizations today. Unfortunately, most companies are simply more reactive than proactive by nature. More time is spent in the boardroom dissecting and discussing past due audit findings and test failures than planning for what’s next. Many organizations see their adversaries as internal audits or SOX tester. This low bar compliance mentality is an Achilles’ heel for many companies. As mentioned before, the secret to winning isn’t really a secret. It’s hiding in plain sight.

To build on the checkers versus chess analogy, with the Unites States mostly playing the short game, and countries like China and Russia are playing a more advanced game, a classic movie comes to mind that brings some perspective to the situation—Rocky IV. Where the adversary is on the cutting edge of technology and leveraging all the assets available to him, but Rocky decides to go a different direction. He focuses on the fundamentals and getting the basics right. Ivan Drago is collecting data on his pounds of punching power and Rocky is chopping wood and running in the snow. There’s a lesson to be learned there. Nothing replaces discipline, hard work, and rigor to achieve success. If your fundamentals are off, you’re vulnerable no matter what. Spending significant time and resources on fancy tools may not deliver the success you need. Have you ever heard of the term “check the checkers?” A checking approach to security is not enough.

If organizations approached risk and control the “Rocky” way it would be a game-changer. But unfortunately, fundamentals and attention to detail aren’t sexy and certainly not the next big thing. For this reason, companies will continue to remain at risk and in the headlines for breaches in security.

So don’t fall into the trap of trying to win at compliance. There’s a bigger game at play. To win it you have to be proactive, play the long game and take a tip from the Italian Stallion and focus on the fundamentals before anything else. Do those things today and you’re no longer playing checkers. It’s your move.