Compliance -a how-to guide
Compliance -a how-to guide
Achieving regulatory compliance has rocketed up the priorities lists of senior executives in Australia and across the world in recent months, as the corporate collapses of Enron and WorldCom in the US, and the likes of HIH in Australia, has resulted in a raft of new corporate laws designed to create more transparency and avoid future catastrophes. In the next few pages, we are going to examine what this all means for Australian business.
Firstly, Steve de Mamiel talks about how compliance can help companies cut costs - protecting the bottom line by adopting a compliance culture.
An effective compliance culture can protect a business's bottom line by reducing the risk of both civil and criminal liability. It can also have valuable marketing spin-offs in brand building and corporate reputation by improving consumer trust and confidence in your business.
Who is affected by compliance?
Compliance affects every owner, director, officer and senior manager of a business that must satisfy either industry-specific or general (environmental, occupational health and safety, planning, trade practices) legal requirements.
Directors and senior managers run a risk to personal reputations, careers and the business brand by ignoring or only paying lip service to compliance.
Speaking to the Australian Compliance Institute in late 2003, Justice French said: "A culture [of compliance] does not require robotic risk-averse managers and staff. It is defined by active organisational engagement with legal and regulatory requirements. It is supported by structures, programs and procedures designed to ensure that the conduct of management employees accords with the law and regulatory codes. In best practice cases it will be manifested by a commitment to an ethical framework that predisposes members of the organisation to lawful decision making because it seems right, even if the detail of the law is not known by the decision maker."
To build a compliance culture, an organisation needs to design and implement a compliance program for its business. There is no one-size-fits-all: a compliance program needs to fit with the particular business and match its size, complexity, environment and industry. This should be done in these easy steps:
• Do a compliance risk assessment which should indicate the areas where your business is most at risk.
• Formalise or enhance business processes to address the compliance risks and gaps as identified through the risk assessment.
• Implement this program.
Know what you are aiming for
A compliance program aims to reduce an organisation's risk of breaching important requirements including laws, company policies and industry codes. An effective compliance program should therefore aim to identify and respond to breaches effectively, and where possible, to have controls and processes that prevent breaches. It should also aim to promote an attitude and ethos in the organisation of doing business in a way that fits with legal and regulatory requirements, while providing the systems and adequate resources (eg staff, technology and money) to enable the ongoing maintenance, monitoring, supervision and improvement of the compliance system.
Attributes of effective compliance programs include:
Commitment from the top level-crucial to the success of a compliance program is public support from the board and executive management. Not only must they verbally support the program but they should prove that it is an integral part of how the organisation does business through their decisions and behaviours.
Accountability-all staff should be help responsible for compliance within their own area, with rewards for those who have implemented it correctly.
Checks and balances-every organisation should have a compliance framework consisting of detailed written policies and procedures covering operational and behavioural issues.
Resources-companies should invest in dedicated resources for implementing a compliance program including budget to cover technology and training, as well as any incremental costs which may occur.
Access-organisations should ensure there is ongoing communication and training about compliance issues to all staff as well as stakeholders (including subcontractors, distributors and vendors).
Data-regular monitoring and data collection (including auditing and reporting mechanisms) on how the program is working and how breaches are handled should be made available.
Continuous improvement-a regular review by line managers and top management as to what works and what doesn't will ensure the compliance program remains effective. Acting on the results is also crucial to this part of the process.
Creating a compliance culture
To create a compliance culture, an organisation needs to make the compliance program part of the business and part of the mindset and responsibility of each employee. By communicating constantly, visibility for the compliance program will increase. From an employee perspective, building compliance-related key performance indicators (KPIs) into each employee's remuneration package will increase accountability while including compliance in business cases for budgets and strategic initiatives and making compliance an agenda item at board meetings will increase visibility at a more strategic level.
Making sure there is no disconnect between theory and practice is imperative to the success of any compliance program. A culture that forces or encourages 'profit at any cost' behaviours will cancel out any value in having documented compliance procedures. Likewise transparency is crucial. Setting up management information systems that provide timely and relevant information to the board and executive management about the organisation's compliance as well as whistle-blowing systems and clear, transparent reporting procedures will all contribute towards an effective compliance program.
Compliance doesn't have to be a burden on your business. By creating a compliance culture, companies can avoid liability and protect their corporate reputation.
Related Article: