In general, the process of getting formal (audited) compliance can greatly improve security - but it is usually the ***process of getting there*** that does so, the actual rubber stamps have sufficient flexibility that they are not in themselves a guarantee of proper (or even consistent) security levels.
Also, one industry in particular that I am familiar with, has multiple regulator-imposed system/data security compliance requirements that actually contradict each other, which is unfortunate.....