2-30 - DH - Compliance Management - English
Compliance management
Mission: the main knowledge network for standards development and application in the Netherlands.
Stakeholders: government, industry, NGOs, unions, consumers, consultancy/academics.
• Issues in compliance
• Compliance and management systems
• ISO 19600:
– System: hard controls
– Culture and behavior: soft controls
Fraud culture because of targets to be achieved
Regulations and permits (Dutch examples):
• Wm chapter 10 (Environmental Management Act)
• Waterwet (Water Act) permit
• ATEX
• Pressure Vessels Decree (Drukvatenbesluit)
• MEE
• NeR
• Use Decree (Gebruiksbesluit)
• BRZO / PGS 13
• Groundwater permit
• E-PRTR

Good compliance performance rests on three elements: technical standards; culture, integrity and behavior; and a system. The (management) system can assist!
The essence of a management system
• Management system: PDCA cycle (Plan, Do, Check, Act)
• Good correspondence between the standards: ISO 9001, ISO 14001, ISO 45001, ISO 27001, ISO 22000, ISO 50001
• Output: performance, certificates
• Stakeholders: feedback/accountability
The challenge
• ISO 14001:2004 – Environmental management
• PAS 55:2008 – Asset management
• ISO 9001:2008 – Quality management
• OHSAS 18001 – OHS management
• ISO 27001 – Information security
• BS 25999 – Business continuity
• ISO 30301 – Records management
• ISO 22000 – Food safety
• ISO 28000 – Supply chain security
• ISO 50001 – Energy management

Flower model from NEN: a generic core with basic requirements for a management system, with petals for quality, environment, OH&S, safety and other areas.
The solution: plug-in model ISO MSS
• Sector standards – examples: ISO/TS 16949 (automotive), ISO/TS 29001 (oil & gas industry), ISO 22000 (food industry)
• Generic standards on MS elements – examples: ISO 9001 (quality management), ISO 14001 (environmental management), ISO 45001 (OH&S management)
• Common structure and core requirements: HLS (MSS core elements)
• Specific guidelines – examples: ISO 19011 (auditing), ISO 10013 (documentation), ISO 31000 (risk management), ISO 26000 (social responsibility), ISO 19600 (compliance management)
Draft ISO Guide 83 / Annex SL text: high level structure and identical text for MSS and common core MS terms and definitions
4. Context of the organization
5. Leadership
• Operational planning and control
Connecting HLS clauses and board room themes (vertical linkages)
Themes: Leadership, Risk management, Compliance management, Stakeholder management, Process management, Support (human resources), Improvement
HLS clauses and the linked elements:
• 4 Context of the organisation: 4.1 internal and external issues; 4.2 stakeholders, needs and expectations; 4.4 management system
• 5 Leadership: 5.1 integration of the system in business processes; 5.2 policy; 5.3 structure, roles, responsibilities
• 6 Planning: 6.1 risks and opportunities; 6.1 addressing requirements in planning; 6.2 objectives/planning
• 7 Support: 7.1 resources; 7.1/7.2 resources, competencies; 7.4 communication
• 8 Operation: 8.1 operational control; 8.1 process control; risk control
• 10 Improvement: 10.1 correction, corrective action; 10.2 improvement; corrective actions and improvement
Generic risk and compliance management approach in ISO management standards
• 4.1 Issues (factors): what is happening, what are the trends?
• 6.1 Risk management: what are the risks (threats/opportunities)?
• Analysis, prioritization
Two management levels in the HLS (direction and control)
Strategic level (direction):
• 4.1/4.2 Context analysis: external/internal issues and developments; stakeholders, needs and expectations (strategic analysis)
• 4.3/4.4 Management system
• 9.3 Management review: input to management
• 6.1 Addressing risks and opportunities: operational risk and compliance assessment
• 6.2 Objectives and planning
Operational level (control, “doing the things right”, PDCA):
• 7 Support
• 8 Operation: operational controls
• 9 Evaluation of performance / internal audit
• 10 Corrective action and improvement
ISO 19600: plug-in for compliance management
ISO 19600 – some important characteristics
• Guideline, not a standard with requirements
– Not intended for certification
• Describes a management system
– PDCA approach to compliance management
• Follows the High Level Structure (HLS)
– Can be applied as ‘plug-in’ to ISO MSS
• Is risk-based
– Compatible with ISO 31000
• Pays attention to cultural and behavioral aspects
ISO 19600 – some important terms/concepts
• Compliance
– meeting all the organization’s compliance obligations
• Compliance obligation
– requirement that an organization has to or chooses to comply with
• Non-compliance
– non-fulfilment of a compliance obligation
• Compliance risk
– likelihood of occurrence and the consequences of non-compliance
ISO 19600 – risk based approach: context of the organization (issues, stakeholder requirements, needs and expectations)
ISO 19600 – structure and content
Clauses (generic MSS) and important compliance management system elements:
• Scope: applicable to all types and sizes of organizations
• Terms and definitions: compliance, compliance obligations, compliance culture
• Context of the organisation: understanding needs and expectations of interested parties; identification and maintenance of obligations; risk assessment of compliance obligations
• Leadership: commitment, management policy, roles & responsibilities of governing body, top and line management, compliance function, employees
• Planning: actions to address compliance risks

4.5 Compliance obligations
• 4.5.1 Identification of compliance obligations: examples of compliance requirements; examples of compliance commitments
• 4.5.2 Maintenance of compliance obligations: contact with regulatory agencies; agreements with legal advisors; subscribing to information services

4.6 Identification, analysis and evaluation of compliance risks
a) Relating obligations to activities, products and services
b) Identification of causes and consequences of non-compliances
c) Determination of probability and severity
d) Determination of necessity and extent of control measures
e) Periodic re-assessment

5.1 Leadership and commitment
✓ Upholding the core values of the organization
✓ Ensuring availability of resources
✓ Ensuring the integration of the compliance management requirements into the organization’s business processes
✓ Communicating the importance of an effective compliance management
✓ Ensuring alignment between operational targets and compliance obligations

5.3 Roles, responsibilities and accountabilities
✓ Compliance function:
• Authority and responsibility for the CMS
• Clear and unambiguous support from and direct access to the governing body and top management
• The authority and capacity to execute countervailing power
ISO 19600 – structure and content
Clauses (generic MSS) and important compliance elements:
• Support: resources, competence, awareness, training, behaviour, culture, communication, documentation
• Operation: controls to manage obligations and desired behaviours
• Performance evaluation: monitoring compliance performance, evaluation, compliance reporting, management audit & management review
• Improvement: management of non-compliances (including escalation procedures)

7.3.2 Behavior – role of top management:
✓ creating an environment where the reporting of non-compliance is encouraged and the reporting employee will be safe from retaliation;
✓ ensuring compliance is incorporated into the broader organization culture;
✓ ensuring that operational objectives and targets do not compromise compliance behaviour

Compliance culture
✓ a clear set of published values
✓ management actively seen to be implementing and abiding by the values
✓ mentoring, coaching and leading by example
✓ visible recognition of achievements in compliance and outcomes
✓ prompt and proportionate disciplining in the case of wilful or negligent breaches of compliance obligations
✓ open communication
Compliance MS according to ISO 19600
Good governance principles; independent compliance function; accepted by stakeholders (“license to operate”).

Compliance culture: the values, ethics and beliefs that exist throughout an organization and interact with the organization’s structures and control systems to produce behavioral norms that are conducive to compliance outcomes.

Develop
• 4.1 Identification of external and internal issues
• 4.2 Identification of stakeholder requirements
• 4.3/4.4 Determining the scope and establishing the CMS
• 4.5/4.6 Identification of compliance obligations and evaluating compliance risks
• 5 Leadership; 5.2 Establishing compliance policy; 5.3 Responsibilities at all levels
• 6.1 Planning to address compliance risks and to achieve objectives
• 7 Support functions
• Determination of: scope CMS, compliance obligations, compliance risks (overview of compliance obligations and risks)
• Determination of: controls, objectives, compliance programmes (overview of planned controls and objectives)

Implement
• Implementation and operation of control measures to achieve objectives (overview of implemented controls for departments and persons)

Evaluate
• Monitoring, measuring, analyzing and evaluating; reporting; internal audit; management review (overview of results: reports, results of audits and reviews)

Maintain
• 10 Managing non-compliances and continual improvement: analyzing non-conformities, corrective actions, escalation, improvement (overview of corrective actions and improvements)
People sometimes do bad things.
• Commitment: motivation to invest efforts in the interest of the organization; supported by respectful treatment of employees
• Transparency: seeing the effects of their own behavior as well as the behavior of others
• Openness: freedom people have to discuss opinions, feelings, dilemmas and transgressions at work
• Enforcement: extent to which people within the organization are valued and rewarded for exhibiting desired behavior and punished for undesirable behavior
Behavioral aspects in ISO 19600
Themes (soft controls): Clarity, Role modelling, Achievability, Commitment, Transparency, Openness, Enforcement
HLS clauses and the related elements:
• Context of the organisation
• Leadership: policy; roles, responsibilities; role of management; leadership; roles, responsibility, accountability
• Planning: objectives
• Operation: clear procedures
• Improvement: correction and corrective actions; escalation
Use of ISO 19600
ISO 19600 is applied within the company (Q, H, S, E functions) and in its relations with authorities, suppliers and clients.
Standards for compliance?? Still the missing link in ISO management
Good compliance performance: technical standards; culture, integrity and behavior; system
• ISO 45001 – OH&S
• ISO 19600 – compliance
• ISO 31000 – risk management
• ISO 31010 – risk assessment techniques
• ISO 55000-series on asset management
• ISO 14001 – environment
• Many technical standards
More information
www.nen.nl/compliance
dick.hortensius@nen.nl
https://committee.iso.org/home/tc309