Leading the way in Enterprise Risk Management

Compliance

Compliance relates to your obligations to conform to various regulations. It includes acts, bills and statutes that are promulgated in law at federal, state and local levels. You may also want to treat corporate policies in a similar way. The difference from other risk types is that compliance is “cut and dried”: you either comply or you do not.

The trend in the compliance industry has been towards increasing “self-regulation”, where authorities are placing the onus on corporations to adhere to the various regulations and report incidents that occur.

In some cases the implications of breaching the regulations can be serious and costly, but in most cases the impacts in themselves are not large. It’s only when compliance breaches trend towards systemic proportions that regulators will step in. A compliance framework can be costly to resource.

You may choose to use a risk-based approach to prioritise which particular aspects of compliance need more focus than others.

Steps in the compliance method

  1. Establish the context of the compliance area, for example Industrial Relations, Trade Practices, etc.
  2. Requirements identification: the obligations to be met in the various regulations are identified, implying that there is some likelihood and consequence if an obligation is breached.
  3. When applying a risk-based process, the inherent likelihood and consequence levels are assessed on the basis of the requirement not being fulfilled. The work tasks (i.e. controls) are temporarily ignored, even if they exist, giving the worst-case situation.
  4. Current work tasks (the equivalent of preventative controls) are identified.
  5. The effectiveness or adequacy of the work tasks is assessed.

The above completes the basic steps that allow requirements to be identified and ranked. It provides a means for you to focus your resources on the most important obligations that need to be adhered to. Similarly, it provides indicators of where improvements to the work tasks may be needed.

Compliance Method In KnowRisk

The following diagram shows the way that KnowRisk supports managing compliance. You have latitude to follow any compliance process that you prefer and KnowRisk will accommodate this.

Compliance Diagram

Regulator / Licensing Authority

Most regulators merely set the obligations, and how you comply is left to you, e.g.:
  • The Act, Bill, etc provides a list of all compliance requirements for licensees and associates.
  • Regulators may set the timing and format of reporting.
  • Licence conditions and obligations are clearly numbered. This facilitates:
      – A consolidated list of the terms and conditions of each type of licence, to assist licensees with identifying the compliance obligations relevant to the licence(s) they have been granted.
      – Categorisation of licence conditions to assist with reporting obligations.
      – A self-assessment framework for licensees to facilitate compliance with licence conditions and to report non-compliance to the authority on a self-reporting basis.

Whilst regulators aim to identify all the compliance requirements for each type of licence in every operational scenario, there is usually also a proviso that the regulator will not be held liable if any particular scenario is omitted.

These points indicate that the compliance framework solution must provide a system that can store the obligations, a basis for categorising different aspects of the licence, a self-assessment component and mandatory reporting.

Establishing Suitable Data Structures
 

Compliance will be effectively managed by understanding the different data sets that need to be involved, how they are organised into structures and how they are then applied in a holistic fashion as part of business operations. This is how KnowRisk supports your Compliance Function.

Definitions (Examples)

Type 1 breach

A licence obligation is categorised as Type 1 if a breach would have a critical impact on the regulatory policy objective(s). A breach of a type 1 licence obligation must be reported immediately to the authority.

Type 2 breach

A licence obligation is categorised as Type 2 if a breach would have a minor impact on the regulatory policy objective(s). Type 2 breaches are to be reported annually to the authority using an exception reporting approach.

Not reportable (NR)

A licence obligation is categorised as not reportable (NR) if a breach would have a non-material impact on regulatory policy objective(s) and/or there are other mechanisms whereby the authority will become aware of the breach. Breaches do not need to be reported to the authority – these obligations nevertheless remain licence obligations with which the licensee must comply.

Immediate Notification

A licensee must immediately notify the authority when they become aware of a breach of a Type 1 licence obligation. This notification must include:

  • A phone call
  • A letter

Setting Up Regulations in the Context Knowledge Base

The KnowRisk Context Knowledge Base caters for any data pertaining to Acts and Regulations that is best managed centrally. This information is then assigned to various Profiles that reflect situations where compliance needs to be evidenced in your business operations.

A Knowledge Base Context item is associated with as many different areas of your operations as are relevant. Any changes made to the Knowledge Base item are automatically replicated wherever the item appears in the context profiles of your operations, which is a huge saving in productivity.

Using Forms for Capturing Compliance Data

The Forms in KnowRisk are designed to give a user-friendly means of data entry to occasional users who don’t want to learn to use a more complex system.

Attestation that Staff Comply with Work Tasks
 

Staff will use Forms in Risk Canvas or RiskPad, provided by the compliance department, to review information about compliance that relates to them and to answer questions that give assurance that work tasks are being fulfilled.

Staff will fill in the information requested of them, with the Form assisting them to fill in the data according to the business rules that have been built in.
