CONTEXT OF THE ORGANISATION The compliance framework needs to be contextualized so that it reflects not only the internal issues that affect the operation of the organisation but it also the external environment. Here you must: • Establish what will be covered by the compliance management system. • Identify obligations, these can be both mandatory and or voluntary. • Ensure the compliance management system (CMS) reflects the organisation’s values, objectives, strategy and compliance risks. • Build processes to identify new and changed laws, regulations, codes and other compliance obligations. • Identify and evaluate its compliance risks through a formal compliance risk assessment or conducted via alternative approaches. LEADERSHIP The governing body and top management should demonstrate leadership and commitment to the compliance management system. Management also must show commitment by: • Establishing a compliance policy that is appropriate for the organisation and communicated to all levels of the business. PLANNING • Assigning responsibilities and authority for relevant roles. • Establishing a recognised compliance function, even if not standalone. The organisation needs to plan adequately to assure the compliance management system can achieve its intended outcome. Through planning you must: • Setting the right tone from the top, the governing body and leadership team need to establish and uphold the organisation’s values. • Prevent, detect and reduce undesired effects of the CMS. • Achieve continual improvement in the CMS. EVALUATION The framework needs to be monitored to ensure its effective, current, and can identify instances where non-compliance has occurred. Compliance indicators and reporting needs to be established to help with this aspect. This includes: • A plan for continual monitoring should be established, setting out monitoring processes, schedules, resources and the information to be collected. • Conducting audits at least at planned intervals to provide information on whether the compliance management system is meeting its objective. ISO 19600:2014 Compliance Management Systems OPERATION IMPROVEMENT The compliance management system should drive continuous improvement in the compliance program. This means: • When noncompliance occurs, the organization should take action to control and correct it, and/or manage the consequences. effectiveness of the CMS. • Identifying opportunities for improvement of the compliance performance of the organization. • The organization should seek to continually improve the suitability, adequacy and • If required, the framework should be improved to address any short comings. The operation of the compliance management system needs to be managed and controlled. This includes: • Putting in place effective controls to ensure that the organization's compliance obligations are met and that non compliances are prevented or detected and corrected. • Outsourced processes need to be exposed to a due diligence process to ensure that they will adhere to expected levels of behaviour. All contractors and related third parties need to be covered by the compliance management system. SUPPORT The organisation needs to adequately support the compliance management system. This includes: • Providing the resources needed for the establishment, development, implementation, evaluation, maintenance and continual improvement of the CMS. • All employees adhering to compliance requirements, participate in training, report compliance concerns and failures. • All staff should be provided with the necessary training for them to undertake their duties while operating within the framework. • Undertaking training when there are significant changes or updates required or there have been a larger than acceptable number of compliance breaches. • Raising awareness of the compliance policy and outlining appropriate behaviour and the compliance culture of the organisation. • Developing a common, published standard of behaviour that is required throughout every area of the organization. • Determining the need for internal and external communications relevant to the CMS. • The compliance framework needs to be documented, available and updated as required. Solutions for the GRC Lifecycle 360 Degrees of Compliance The increasing complexity of global compliance and regulatory changes impacting your organization creates operational and business risk that demands a considered strategy and comprehensive program that identifies risks, eliminates gaps, and delivers the flexibility to respond to changes systematically and proactively. Having the proper tools and analysis in place to build and maintain your compliance program is essential to evaluate, execute and evolve the supporting components and operational effectiveness of your program. A comprehensive Governance, Risk, and Compliance (GRC) solution can serve as an organisation’s “compliance system of record,” streamlining and automating the compliance process across the enterprise and ultimately providing a body of evidence needed to demonstrate program effectiveness. There is a variety of published compliance guidance from governmental entities and regulatory bodies around the world. From those published compliance guidelines SAI Global has distilled them into five key elements that enable organisations to comply with those regulations and build effective compliance programs. Provides Enterprise Grade Technology Compliance Workspace (regulations, legislation, standards) ERM Audits Living Code Content Library Certification Instructor led Policy Management 5,000+ Translations Third Party Risk Management Surveys & Assessments Gifts & Hospitality Virtual Evidence Room Incident Management Conflicts of Interest Compliance 360 Dashboard & Reports To learn more: Visit www.saiglobal.com/compliance Email [email protected] Call +61 2 8206 6060 Significant Investment Global Pedigree Industry Leading Innovation Analyst Recognition Broad Capability Focus on Australian Market Local Delivery Teams Local Support Teams & Hours Prioritise Australian Customers Australian Hosting Local Focus www.saiglobal.com/compliance