In a previous article we wrote about the Key Components of a Compliance Framework: what compliance is, and the importance of the Obligations Register and the relevant rules.
We defined compliance as an outcome of conforming to a rule. That rule may arise from an external source such as a law or regulation, or an internal source such as a policy, code or control.
We also mentioned that once the rules are understood, other processes must be put in place to ensure the rules are met and that assurance is provided to senior management and the board.
By implementing the following components in your compliance process:
Fig 1. Compliance Question Library
An appropriate combination of these methods results in the specific compliance methodology and creates the basis of the organisation’s compliance plan(s).
In order to be optimal, the compliance function should consider the following:
Apply a risk-based approach to assessing compliance obligations. Compliance requirements should be assessed as to their level of risk. This will include assessing the impact (both financial and non-financial) resulting from non-compliance and the assessed level of likelihood that non-compliance will occur. The level of risk should drive the approach to compliance: the higher the risk, the more extensive the process.
To achieve this, consider:
Fig 2: Compliance Dashboard
Compliance is an essential component of any successful organisation. The key is to maximise the value created by the function, and this requires a fine balance between effectiveness and efficiency. Optimisation of the compliance function requires an informed approach to weighing up the costs and benefits and, when done correctly, will result in the compliance function being viewed as an enabler of the business rather than a hindrance.
David Bergmark is the Chief Executive Officer and co-founder of the Protecht Group. David’s vision and passion is to use technology to drive best practice risk management and embed risk management within each one of Protecht’s clients. He is the driving force behind the Protecht.ERM system and the integration of Protecht’s Software, Advisory, Training and Consulting capabilities to provide a consistent and seamless risk management experience for clients.