The three main goals of an integrated compliance management system are to create due care records of your compliance efforts, identify opportunities for improvement, and proactively manage your risks.
Well designed Compliance Obligations Registers provide a foundation from which you can achieve these goals. These lists should:
- provide accurate 360 degree coverage of your compliance obligations,
- link obligations to compliance actions, audits, and reporting tools, and
- capture your internal controls, procedures and policies.
We recommend that you personalize these lists to reflect your company’s structure and operational context. This facilitates coordination and integration of your compliance efforts. In this post, we’ll outline how to create personalize compliance obligations lists, and their benefits
Set up your Compliance Obligations lists
Depending on how your business is organized, you may want to create several lists. You could build a Compliance Obligations Register for each department, division, or type of facility. In order to accurately map compliance obligations to these areas, your lists should filter for applicable obligations in a way that allows your team to organize the information for compliance actions. Some ideas for structuring your compliance obligations includes adding information such as relevant:
- industrial activities (manufacturing, natural resource extraction, corporate,…),
- jurisdiction or regulatory body (national, state-level, municipal,…),
- external obligations sources (legislation, industrial standards,…),
- internal obligations sources (policies, stakeholder commitments,…), and
- relevant compliance topics, (environmental, health and safety, financial,…).
Once your registers are set up to provide 360 degree coverage of your business operations, you should attach actions to bring yourself into compliance with all of your identified obligations. In most cases your obligations will be arranged in a table format to you to easily track:
- which compliance actions need to be taken,
- who is responsible for these actions, and
- when these actions need to be completed.
Ideally, the tool you use to build your Compliance Obligations Registers will allow you to assign and track actions through email notifications, or an internal messaging system, and capture evidence of compliance measures. The ability to track and report on compliance gaps is critical for any successful compliance system.
Improve reporting and internal controls
Once your organization has established a personalized Compliance Obligations Register to manage your obligations and take actions it is time to conduct spot checks on your team. We recommend small, but frequent, internal audits to verify if:
- actions were taken on time, and
- actions resolved compliance issues that were identified during the obligations identification phase.
A strong and personalized Compliance Obligations Register facilitates auditing and provides important data for compliance assurance. This helps you readily identify opportunities for improvement and connect obligations to your internal controls.
Benefits of personalizing your compliance obligations lists
The benefits of personalizing Compliance Obligations Registers to your organization’s requirements include:
- effectively managed compliance obligations updates,
- standardized records of compliance measures and actions taken,
- easily accessible data for auditing, and
- obligations linked to internal controls.
Together, these advantages help you to coordinate compliance efforts across your business, and integrate your system. The key is to turn your compliance system into a tool for continuous improvement and proactive management of your risk. Avoiding compliance problems before they occur is the biggest impact a compliance program can have for any organization.
Munaf von Rudloff, Comprehensive Compliance Expert