ISO 19600:2014 Compliance Management Systems CONTEXT OF

CONTEXT OF THE ORGANISATION
The compliance framework needs to be contextualized so that it reflects not only the internal issues that affect the operation
of the organisation but it also the external environment. Here you must:
• Establish what will be covered by the
compliance management system.
• Identify obligations, these can be
both mandatory and or voluntary.
• Ensure the compliance management
system (CMS) reflects the
organisation’s values, objectives,
strategy and compliance risks.
• Build processes to identify new and
changed laws, regulations, codes and
other compliance obligations.
• Identify and evaluate its compliance
risks through a formal compliance
risk assessment or conducted via
alternative approaches.
LEADERSHIP
The governing body and top management should demonstrate leadership and
commitment to the compliance management system. Management also must show
commitment by:
• Establishing a compliance policy that is appropriate for the organisation and
communicated to all levels of the business.
PLANNING
• Assigning responsibilities and authority for relevant roles.
• Establishing a recognised compliance function, even if not standalone.
The organisation needs to plan adequately to assure the
compliance management system can achieve its intended
outcome. Through planning you must:
• Setting the right tone from the top, the governing body and leadership team
need to establish and uphold the organisation’s values.
• Prevent, detect and reduce undesired effects of the CMS.
• Achieve continual improvement in the CMS.
EVALUATION
The framework needs to be monitored to ensure its effective,
current, and can identify instances where non-compliance
has occurred. Compliance indicators and reporting needs to
be established to help with this aspect. This includes:
• A plan for continual monitoring should be established,
setting out monitoring processes, schedules, resources
and the information to be collected.
• Conducting audits at least at planned intervals to provide
information on whether the compliance management
system is meeting its objective.
ISO 19600:2014
Compliance
Management
Systems
OPERATION
IMPROVEMENT
The compliance management system should drive continuous improvement in the
compliance program. This means:
• When noncompliance occurs, the organization should take action to control and
correct it, and/or manage the consequences.
effectiveness of the CMS.
• Identifying opportunities for improvement
of the compliance performance of the
organization.
• The organization should seek to continually improve the suitability, adequacy and
• If required, the framework should be
improved to address any short comings.
The operation of the compliance management system needs
to be managed and controlled. This includes:
• Putting in place effective controls to ensure that the
organization's compliance obligations are met and that non
compliances are prevented or detected and corrected.
• Outsourced processes need to be exposed to a due diligence
process to ensure that they will adhere to expected levels of
behaviour. All contractors and related third parties need to
be covered by the compliance management system.
SUPPORT
The organisation needs to adequately support the
compliance management system. This includes:
• Providing the resources needed for the establishment,
development, implementation, evaluation, maintenance
and continual improvement of the CMS.
• All employees adhering to compliance requirements,
participate in training, report compliance concerns and
failures.
• All staff should be provided with the necessary training
for them to undertake their duties while operating within
the framework.
• Undertaking training when there are significant changes
or updates required or there have been a larger than
acceptable number of compliance breaches.
• Raising awareness of the compliance policy and outlining
appropriate behaviour and the compliance culture of the
organisation.
• Developing a common, published standard of behaviour
that is required throughout every area of the organization.
• Determining the need for internal and external
communications relevant to the CMS.
• The compliance framework needs to be documented,
available and updated as required.
Solutions for the GRC Lifecycle
360 Degrees of Compliance
The increasing complexity of global compliance and regulatory changes impacting your organization creates
operational and business risk that demands a considered strategy and comprehensive program that identifies
risks, eliminates gaps, and delivers the flexibility to respond to changes systematically and proactively.
Having the proper tools and analysis in place to build and maintain your compliance program is essential to evaluate, execute
and evolve the supporting components and operational effectiveness of your program. A comprehensive Governance, Risk, and
Compliance (GRC) solution can serve as an organisation’s “compliance system of record,” streamlining and automating the
compliance process across the enterprise and ultimately providing a body of evidence needed to demonstrate program effectiveness.
There is a variety of published compliance guidance from governmental entities and regulatory bodies around the world.
From those published compliance guidelines SAI Global has distilled them into five key elements that enable
organisations to comply with those regulations and build effective compliance programs.
Provides
Enterprise
Grade Technology
Compliance Workspace
(regulations, legislation,
standards)
ERM
Audits
Living Code
Content Library
Certification
Instructor led
Policy
Management
5,000+
Translations
Third Party Risk
Management
Surveys &
Assessments
Gifts & Hospitality
Virtual Evidence
Room
Incident Management
Conflicts of Interest
Compliance 360
Dashboard
& Reports
To learn more:
Visit www.saiglobal.com/compliance
Email [email protected]
Call +61 2 8206 6060
Significant
Investment
Global
Pedigree
Industry Leading
Innovation
Analyst Recognition
Broad Capability
Focus on
Australian Market
Local Delivery Teams
Local Support
Teams & Hours
Prioritise Australian
Customers
Australian Hosting
Local
Focus
www.saiglobal.com/compliance