
Complimentary Risk and Compliance Checklist

| Regulatory Compliance
LexisNexis® Regulatory Compliance
LexisNexis® Regulatory Compliance is a legal obligations register and alerting solution that combines
regulatory content with technology to empower you to take control of your compliance obligations.

About the Risk and Compliance Module


The Risk and Compliance Module provides guidance on the requirements for a compliance management
system, assisting in the development of an organisation’s compliance framework, addressing risks, rectifying
non-compliance and more.

About the Expert


Simon Levy
CEO, Risk Management Institute of Australasia

Simon Levy has led an impressive career as a Non-Executive Director, Chief
Executive Officer and Senior Risk Leader. In his twenty-plus years working in
the risk industry he has worked across a number of challenging and client-centric
industry sectors, from professional services, health and aged care, to retail and manufacturing. After 3 years
on the Board of the Risk Management Institution Australasia (RMIA), he was recently appointed as their
Chief Executive Officer. With a background in risk management, he is enthusiastic about collaboration and
promoting the risk profession. His professional values can be summed up as follows:

■ Honesty and Integrity
■ Resilience and Drive
■ Accountability and Dependability

Serving as the Chief Executive Officer at RMIA, the leading professional risk body in the Australasian region,
Simon is playing a major role in shaping the risk profession, from education and accreditation through to
providing a network for risk professionals to connect, learn and grow together. He is a transformational leader
who tells stories that inspire action while recognising the threads of opportunity to
turn a vision into strategy execution. He is quickly gaining a credible voice within the risk industry and is
committed to enhancing the RMIA and the risk profession.

About the Expert
Martin Tolar
CEO, ISO Certified

Martin has over 17 years’ experience in compliance, risk, anti-bribery, ethics and
corporate governance. Martin has worked as the managing director of Australia’s
premier body for compliance and risk professionals. He was the chair of the ISO
committee responsible for the creation of ISO 19600 compliance management systems, and he was
the head of the Australian delegation to the ISO committee that created ISO 37001 anti-bribery
management systems.

Martin is the current Head of the Australian delegation to the ISO committee that is producing new
standards on Governance and Whistle Blowing, and chaired the committee that converted ISO 19600 into
ISO 37301. Martin is the chair of this committee as well as the Australian Mirror Committee. He has spoken
at conferences on compliance in the United States, France, South Africa, Australia, Hong Kong, Singapore,
Malaysia and New Zealand.

Martin has led training sessions on compliance across Australia, New Zealand and Asia. These sessions
have involved small groups of fewer than 10 people, sessions of over 150 people, and entire
businesses. Martin is also the co-author of ISO 19600 Compliance Management Systems: A Commentary
for Practitioners, published by LexisNexis.

RISK AND COMPLIANCE CHECKLIST
This checklist has been designed to help you identify your
risk and compliance requirements.

Determining the Scope and Context of the Compliance Management System


Requirement | Needs work | Don’t know | Meets requirement

Does the organisation determine the scope and context of its compliance
management system?

Does the organisation understand its context and identify the internal and
external issues that may affect its ability to achieve its strategic objectives and the
objectives of its compliance management system?

Does the organisation decide who the interested parties are and which of their
requirements will be addressed through the compliance management system?

Does the organisation establish the scope of its compliance management system
by determining its physical and organisational boundaries and deciding how the
compliance management system will apply to them?

Does the organisation use its compliance obligations as the foundation for
establishing, developing, implementing, evaluating, maintaining and improving its
compliance management system?

Does the organisation conduct a compliance risk assessment to identify
compliance risks that may affect its ability to achieve the objectives of its
compliance management system?

Demonstrating Leadership and Commitment to the Compliance Management System


Requirement | Needs work | Don’t know | Meets requirement

Does the organisation demonstrate leadership and commitment to achieving the
goals of the compliance management system?

Does the organisation’s governing body and top management perform their roles
and responsibilities effectively and demonstrate leadership and commitment to
achieving the goals of the compliance management system?

Does the organisation develop, maintain and promote a compliance culture at all
levels of the organisation?

Does the organisation establish a compliance policy that is appropriate for the
organisation’s purposes, meets best practice requirements and contributes to
continual improvement of the compliance management system?

Does the organisation assign responsibilities and authority to relevant roles to
ensure that the compliance management system meets the requirements of the
standard and communicate those responsibilities and authorities throughout
the organisation?


Planning for the Compliance Management System


Requirement | Needs work | Don’t know | Meets requirement

Does the organisation plan its compliance management system by determining
and implementing the actions required to address risks and opportunities,
establishing compliance objectives and plans to achieve them, and ensuring that
any change is carried out in a planned manner?

Does the organisation determine its risks and opportunities and implement the
actions required to address them?

Does the organisation establish compliance objectives and plans to achieve them?

Does the organisation ensure that any change to the compliance management
system is carried out in a planned manner?

Does the organisation use its compliance obligations as the foundation for
establishing, developing, implementing, evaluating, maintaining and improving its
compliance management system?

Does the organisation conduct a compliance risk assessment to identify
compliance risks that may affect its ability to achieve the objectives of its
compliance management system?

Training and Supporting Personnel


Requirement | Needs work | Don’t know | Meets requirement

Does the organisation ensure it provides training and support to its personnel so
that they can perform their compliance obligations effectively and achieve the
aims of the compliance management system?

Does the organisation have processes in place for recruiting competent personnel
with the appropriate knowledge and skills and the ability to apply them to achieve
the intended results of the compliance management system?

Does the organisation provide education and training, build awareness of
compliance issues and provide sufficient resources to all personnel on a
regular basis?

Does the organisation determine both internal and external communications that
are relevant to the compliance management system?

Does the organisation ensure that its compliance management system includes
documented information?


Operational Planning and Effective Controls


Requirement | Needs work | Don’t know | Meets requirement

Does the organisation establish controls to manage its operations, compliance
obligations and associated compliance risks?

Does the organisation establish operational controls to manage its compliance
obligations and associated compliance risks?

Does the organisation establish effective controls to manage third-party
processes, products and services?

Evaluating the Compliance Management System


Requirement | Needs work | Don’t know | Meets requirement

Does the organisation evaluate the compliance management system to ensure it
continues to be suitable, adequate and effective?

Does the organisation monitor the compliance management system and its
compliance performance?

Does the organisation establish an internal audit program to cover all of the
requirements of the best practice standard?

Does the organisation’s governing body and top management review the
compliance management system to ensure its continuing suitability, adequacy and
effectiveness?

Investigating and Rectifying Non-compliance


Requirement | Needs work | Don’t know | Meets requirement

Does the organisation continually improve the suitability, adequacy, and
effectiveness of its compliance management system and establish a process for
reporting and investigating suspected instances of non-compliance, including
a corrective action process to manage nonconformities and a process for
compliance reporting?

Does the organisation continually improve the suitability, adequacy and
effectiveness of its compliance management system?

Does the organisation establish a process for reporting and investigating
suspected instances of non-compliance?

Does the organisation plan, establish, implement and maintain a corrective
action process to manage nonconformities, including a process for compliance
reporting?

Your Free Demonstration.
If you would like a demonstration of the Risk and Compliance module, click here.

About LexisNexis Regulatory Compliance


LexisNexis Regulatory Compliance is a legal obligations register and alerting solution that combines regulatory content
with technology to empower you to take control of your compliance obligations.
We use leading legal and industry experts to provide a practical, plain English interpretation of all the relevant legislative
and regulatory materials, so you don’t have to.
Content is updated regularly, so you can access obligations which reflect the current legislative framework - saving you
significant cost and/or research time.
All content is supported with flexible technology options designed to meet your existing and future needs.
LexisNexis Regulatory Compliance makes your compliance journey fast and seamless.

Visit https://www.lexisnexis.co.uk/products/regulatory-compliance.html

About LexisNexis
LexisNexis is part of RELX Group, a world-leading provider of information and analytics for professional and business
customers across industries. LexisNexis helps customers to achieve their goals in more than 175 countries, across six
continents, with over 10,000 employees.


RELX (UK) Limited, trading as LexisNexis®. Registered office 1-3 Strand London WC2N 5JR. Registered in England number 2746621. VAT Registered No. GB 730 8595 20. LexisNexis and the Knowledge
Burst logo are registered trademarks of RELX Inc. © 2022 LexisNexis SA-0622-025. The information in this document is current as of June 2022 and is subject to change without notice.
