- Customer Success
- Case Studies
- About Us
In a previous article we wrote about the Key Components of a Compliance Framework, what is compliance and the importance of the Obligations Register and the relevant rules.
We defined compliance as an outcome of conforming to a rule. That rule may arise from an external source such as a law or regulation, or an internal source such as a policy, code or control.
We mentioned as well, that once the rules are understood, other processes must be put in place to ensure the rules are met and that assurance is provided to senior management and the board.
By implementing the following components in your compliance process:
Fig 1. Compliance Question Library
An appropriate combination of these methods results in the specific compliance methodology and creates the basis of the organisation’s compliance plan(s).
In order to be optimal, the compliance function should consider the following:
Apply a risk-based approach to assessing compliance obligations. Compliance requirements should be assessed as to their level of risk. This will include assessing the impact (both financial and non-financial) resulting from non-compliance and the assessed level of likelihood that non-compliance will occur. The level of risk should drive the approach to compliance: the higher the risk, the more extensive the process.
To achieve this consider:
Fig 2: Compliance Dashboard
Compliance is an essential component of any successful organisation. The key is to maximise the value created by the function and this requires a fine balance between effectiveness and efficiency. Optimisation of the compliance function requires an informed approach to weighing up the costs and benefits and when made correctly will result in the compliance function being viewed as an enabler of the business rather than a hindrance.
Read more about the definition of compliance and how the Obligations Register helps us gain an understanding of the rules we have to conform to.
Click here to learn more about how Protecht.ERM can be configured to suit your own risk management and compliance framework.
David Bergmark consults on a variety of market and enterprise risk management issues and is actively involved in the development and implementation of Protecht's risk management software (ERM and ALM). David started out in the audit division of Price Waterhouse in 1990, handling clients such as Macquarie Bank and Bankers Trust. By 1994 he was Risk Controller for Carrington Securities - a financial markets trading company. In 1996 David left Carrington to head up the Risk Management Department at IBJ Australia Bank (IBJA) where he was responsible for the development of all risk disciplines at the bank – market, credit, liquidity and operational.