Managing compliance requirements with 4TQPolicy Compliance Manager


Introduction

What is compliance? "Adhering to the requirements of laws, industry and organizational standards and codes, principles of good governance and accepted community and ethical standards." AS 3806-2006 Compliance programs

The number of compliance requirements has increased in the last few years to a level where it takes significant resources to design, develop, implement, and maintain effective compliance programs. Also non compliance can result in penalties and damage to your reputation (which in the long term can have the greater impact than penalties).

How do organizations cope with managing compliance? Generally they have a range of policies and procedures for the conduct of their business that include compliance management issues. However they generally lack a coherent structure for managing and demonstrating compliance. In particular, there is inadequate risk assessment and mitigation of compliance requirements.

4TQPolicy Compliance Manager is designed to assist organizations manage compliance requirements effectively. Our approach is focused on:

  • Providing a coherent structure that enables you to identify and assess your compliance obligations,
  • Doing risk assessments to prioritize activities such as policy development and procedure development so compliance obligations are translated into practice.
  • Providing a means of integrating compliance obligations into existing practices and procedures.

The challenge in designing and developing a compliance program is to quickly get an overview of your compliance requirements and how these are currently being addressed and then produce a gap analysis.

Purpose

This article outlines how to:

  • use 4TQPolicy to develop a coherent structure of compliance obligations;
  • carry out an initial risk assessment of these obligations to prioritize the development of policies and procedures that translate the compliance obligations into practice; and
  • identify work needed to implement a compliance program.

Compliance Program Development Outline

  • Review compliance obligations documentation to determine the plan categories (such as Government, Legal, Financial, Business and Standards) and compliance plans (such as Business Objectives, Legislation and Standards).
  • Enter compliance plans into 4TQPolicy and produce the compliance plan register.
  • Determine the top priority plans for your organization.
  • Develop the initial policy sections and clauses based on your priority plans.
  • Map the compliance obligations in the plans to policy clauses.
  • Identify existing written policies for policy clauses and enter references in the policy statement text windows.
  • Carry out a high level initial risk assessment of policy clauses including tagging of clauses that do not have identified written policies.
  • Produce a gap analysis report based on the risks.
  • Determine and enter in section implementation or review dates as appropriate.
  • Load compliance obligation information into 4TQExplorer to allow mapping into the ways of working procedures.
  • Review the 4TQPolicy compliance management information to identify next steps such as:
      • Verification of compliance obligations and mapping, and initial risk assessments by appropriate managers.
      • Development of policy statements.
      • Documentation of associated processes.
      • Produce project closure report.

Outcomes

  • Compliance Obligation Plan Register in 4TQPolicy.
  • Policy framework in 4TQPolicy.
  • Compliance obligations clauses mapped to policy clauses.
  • High level risk assessment for the purpose of prioritizing implementation activities.
  • Risk register for compliance obligations.
  • Gap analysis report.
  • Identification of outstanding work.

Conclusions

The benefits of this approach include:

  • Simplification of the compliance obligations information so it is easier to read and understand.
  • Better understanding of compliance obligations’ risks and their associated controls so these obligations can be more effectively managed.
  • Producing a prioritised output report that enables focus on the highest risk items first.
  • A means of deploying compliance obligations into the ways of working so these obligations are translated into practice.
  • The ability to produce up-to-date compliance status reports that demonstrate how compliance obligations are being managed.

4TQPolicy Video

Click on the following link www.axioninnovations.com.au/4TQPolicy.htm to view a video on how to use 4TQPolicy to help manage compliance.

About the Author

Bob Digance is a principal consultant with Axion Innovations specializing in business process management and improvement and the effective use of 4TQ business process management applications.

For further information go to www.axioninnovations.com.au

      

Posted by Bob Digance at 16 Oct 2008, 4:02 AM
Categories: 4TQ Process Management Software
 

What did you think of this article?




Trackbacks
Trackback specific URL for this post
  • No trackbacks exist for this post.
Comments
  • No comments exist for this post.
Leave a comment

Submitted comments are subject to moderation before being displayed.

 Enter the above security code (required)

 Name

 Email (will not be published)

 Website

Your comment is 0 characters limited to 3000 characters.