About BWise

Blog

Keys to a Tailor-Made Compliance Program

May 17, 2016 by
Filed under: Governance, Risk and Compliance, Compliance Management

“Is there an order for implementing processes of a compliance program?” This was an interesting question from the audience after a recent webinar, where I covered processes of a compliance program (see Figure 1).


Figure 1: Compliance Cycle

All these processes are important and often applicable to all organizations, however, the challenge is, where do I start? During the webinar my colleague Ladd Muzzy and I stated that there is no required order for implementing the processes seen above. An organization can choose to begin with any process depending on where the highest business value can be achieved or the how biggest pain point can be resolved. For example, one could decide to start with documenting regulatory requirements in the Governance, Risk and Compliance (GRC) Framework, before performing control testing and reporting the results.

The compliance enforcement cycle

Compliance needs to be embedded in the organization and complying is mandatory in its nature. Non-compliance can have major financial impacts in addition to reputation. Compliance starts with documenting control objectives from external requirements (laws and regulations), internal requirements (policies) and risks identified in business processes. This is not a onetime activity, it also needs to cover:

  • managing changes coming from various external and internal sources
  • performing impact assessments; what business activities, locations, policies, control objectives, etc. are affected by the changes
  • updating processes to inform and train the organization.

The first line business management continuously tests control effectiveness while the second line Compliance monitors successful executions by the first line. Optionally the third line Internal Audit can perform independent audits over the control test results. Risks can be compared between business units by mapping control objectives to risks and executing compliance risk assessments.

Identified issues need a mitigating action plan or acceptance by the business. Timely follow-up to actions needs to be tracked, including notifications and alerts. Regulatory exams and inquiries can be seen as a specific type of action plan to ensure timely and high-quality follow-ups, meeting deadlines and taking advantage of the information from previous activities.

Empower the Management Team to interpret results and act accordingly

Reports show compliance per control objectives, compliance categories, external and internal requirements, activities, locations, business units, controls, etc. However, it is essential to have a dashboard to provide to the management team insight on the compliance status and what issues require their immediate attention. 

  • What issues require immediate attention to resolve? 
  • What is the risk if they are not solved in a timely manner? 
  • How serious is the consequence of non-compliance? 
  • Are there any gaps in the compliance program? 
  • Are controls in high risk compliance areas, or is a specific business unit performing poorly? 
  • What are the causes of poor performance, for example by people, processes or systems?

Organizations should embed a solid set of compliance processes while reducing the costs and burden of compliance. This can be achieved by implementing a sophisticated GRC software platform. All compliance steps and processes should be implemented in an integrated platform which reuses information as much as possible and provides meaningful reports to management.   

Tags: GRC, Compliance

More Information

What is GRC?

Read the definition of Governance, Risk and Compliance


Gartner ORM report

Nasdaq's BWise has been positioned as a Leader in Gartner's Magic Quadrant for Operational Risk Management Report, 2015. 


Forrester report

Forrester positioned Nasdaq BWise as a Leader in New Report, The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2016.


Why BWise

Download the brochure: Three Key Reasons why Hundreds of Customers Rely on Nasdaq BWise.

Scroll up