Skip to Main Content
The changing nature of regulation forces businesses to continuously reevaluate the measures taken to comply with regulatory requirements. To prepare for compliance audits, businesses must also implement an effective internal inspection policy that identifies and rectifies instances of noncompliance. In this paper, we propose an approach to compliance management based on a quantitative risk-based optimization model. Our model allows dynamic selection of the optimal set of feasible measures for attaining an adequate level of compliance with a given set of regulatory requirements. The model is designed to minimize the expected total cost of compliance, including the costs of implementing a set of measures, the cost of carrying out periodic inspections, and the audit outcome cost for various compliance levels. Our approach is based on dynamic programming and naturally accounts for the dynamic nature of the regulatory environment. Our method can be used either as a scenario-based management support system or, depending on the availability of reliable input data, as a comprehensive tool for optimally selecting the needed compliance measures and inspection policy. We illustrate our approach in a hypothetical case study.
Note: The Institute of Electrical and Electronics Engineers, Incorporated is distributing this Article with permission of the International Business Machines Corporation (IBM) who is the exclusive owner. The recipient of this Article may not assign, sublicense, lease, rent or otherwise transfer, reproduce, prepare derivative works, publicly display or perform, or distribute the Article.