

The compliance framework needs to be contextualised so that it reflects not only the internal issues that affect the operation
of the organisation but also the external environment. Here you must:
Establish what will be covered by the compliance management system.
Identify obligations; these can be both mandatory and/or voluntary.
Ensure the compliance management system (CMS) reflects the organisation's values, objectives, strategy and compliance risks.
Build processes to identify new and changed laws, regulations, codes and other compliance obligations.
Identify and evaluate compliance risks, through a formal compliance risk assessment or via alternative approaches.

The governing body and top management should demonstrate leadership and
commitment to the compliance management system. Management also must show
commitment by:
Setting the right tone from the top: the governing body and leadership team need to establish and uphold the organisation's values.
Establishing a compliance policy that is appropriate for the organisation and communicated to all levels of the business.
Assigning responsibilities and authority for relevant roles.
Establishing a recognised compliance function, even if not standalone.

The organisation needs to plan adequately to assure that the compliance management system can achieve its intended
outcome. Through planning you must:
Prevent, detect and reduce undesired effects of the CMS.
Achieve continual improvement in the CMS.

The framework needs to be monitored to ensure it is effective,
current, and can identify instances where non-compliance
has occurred. Compliance indicators and reporting need to
be established to help with this aspect. This includes:
Establishing a plan for continual monitoring, setting out monitoring processes, schedules, resources and the information to be collected.
Conducting audits at least at planned intervals to provide information on whether the compliance management system is meeting its objective.

ISO 19600:2014

The compliance management system should drive continuous improvement in the
compliance program. This means:
When noncompliance occurs, the organization should take action to control and correct it, and/or manage the consequences.
The organization should seek to continually improve the suitability, adequacy and effectiveness of the CMS.
Identifying opportunities for improvement of the compliance performance of the
If required, the framework should be improved to address any shortcomings.

The operation of the compliance management system needs
to be managed and controlled. This includes:
Putting in place effective controls to ensure that the organization's compliance obligations are met and that non-compliances are prevented or detected and corrected.
Outsourced processes need to be subjected to a due diligence process to ensure that they will adhere to expected levels of behaviour. All contractors and related third parties need to be covered by the compliance management system.

The organisation needs to adequately support the
compliance management system. This includes:
Providing the resources needed for the establishment, development, implementation, evaluation, maintenance and continual improvement of the CMS.
All employees adhering to compliance requirements, participating in training, reporting compliance concerns and
All staff should be provided with the necessary training for them to undertake their duties while operating within the framework.
Undertaking training when significant changes or updates are required, or when there has been a larger than acceptable number of compliance breaches.
Raising awareness of the compliance policy and outlining appropriate behaviour and the compliance culture of the
Developing a common, published standard of behaviour that is required throughout every area of the organization.
Determining the need for internal and external communications relevant to the CMS.
The compliance framework needs to be documented, available and updated as required.

Solutions for the GRC Lifecycle

360 Degrees of Compliance

The increasing complexity of global compliance and regulatory changes impacting your organization creates
operational and business risk that demands a considered strategy and a comprehensive program that identifies
risks, eliminates gaps, and delivers the flexibility to respond to changes systematically and proactively.
Having the proper tools and analysis in place to build and maintain your compliance program is essential to evaluate, execute
and evolve the supporting components and operational effectiveness of your program. A comprehensive Governance, Risk, and
Compliance (GRC) solution can serve as an organisation's compliance system of record, streamlining and automating the
compliance process across the enterprise and ultimately providing the body of evidence needed to demonstrate program effectiveness.
There is a variety of published compliance guidance from governmental entities and regulatory bodies around the world.
SAI Global has distilled those published compliance guidelines into five key elements that enable
organisations to comply with those regulations and build effective compliance programs.

[Diagram: Compliance 360 solution map. Labels recoverable from the graphic: Compliance Workspace (regulations, legislation, ...), Living Code, Content Library, Instructor led, Third Party Risk, Surveys & ..., Gifts & Hospitality, Virtual Evidence, Incident Management, Conflicts of Interest, ... & Reports, ... Grade Technology.]

To learn more:
Call +61 2 8206 6060



[Graphic: Industry Leading (Analyst Recognition, Broad Capability); Focus on Australian Market (Local Delivery Teams, Local Support Teams & Hours, Prioritise Australian ..., Australian Hosting).]