Are You Just Going Through the Motions?
The cornerstone of any sustainable compliance model is the ability to provide the right measures at the right time to deal with the right requirements. It is no good having the right structures, systems and people engaged in managing your compliance with all the legislation, standards and policies your company has to comply with if the overall monitoring program that drives what gets measured and managed is flawed. Then you could find you are just going through the motions with some nasty surprises when the wheels come off. You need to be proactive rather than always responding to unintended consequences. That means a solid process of setting up and driving your monitoring program.
Do You Have the Right Intel?
To make sure you are monitoring the right things at any point in time, you need to have the right risk assessments providing the intelligence to enable you to focus on the requirements that are already in trouble or have the potential to go wrong and create risks for your company.
What Are All the Regulatory Requirements?
This means you need an understanding of all the requirements the company has to comply with that covers legislation, standards and policies. In our TP-RCS solution we talk about a Regulatory Universe and here we capture all these requirements. This is a service we offer and is covered under the heading: Summary and Detail Level Requirements.
Where Are the Major Risks in Your Regulatory Universe?
Only with such a structure in place is it then possible to risk assess the requirements and identify the problem areas in your Regulatory Universe. This is a dynamic picture that needs to be constantly updated and periodically reviewed as risks are surfaced during the Plan-Action-Review-Attest cycle. We assist companies in setting up their Regulatory Universe and creating the framework within which risk assessments can be carried out meaningfully across, what is normally, a considerable landscape of legislation, standards and policies. See our service under the heading: Regulatory Universe.
How Often Do You Need to Review?
With a Regulatory Universe that is broken down into all the requirements, and risk escalations throughout the year being fed into this model, it sets the stage for being able to put together a monitoring program.
This is normally a cyclical requirement with at least an annual review of the overall compliance “system” in the company. The number of reviews will be dictated by various factors including the nature of the business and degree of risk the company is exposed to by virtue of its operations.
How Good Are Your Control Measures?
One other requirement for a sound monitoring program is the effectiveness of setting up the right control measures where risks are identified. Typically when new regulations have to be adopted by a company, the changes that this gives rise to must include the right control measures to ensure a sustainable level of compliance is able to be delivered. If you have missing control measures when your regulatory change project hands over to the business you could end up with those nasty surprises mentioned earlier. We assist companies in determining the effectiveness of the control measures that are set up to manage risks in the regulatory environment. Normally this is achieved through the reviews and assessments covered under the heading: Risk-based Reviews and Assessments.
A Sound Foundation and Solid Monitoring Program Delivered
Having developed the picture of a Regulatory Universe with all its requirements, risk assessments and escalations being captured on an ongoing basis into this model, a periodic cycle of reviewing compliance and a sound process of setting up control measures where risks are indentified and checking their effectiveness, it is now possible to put a monitoring program in place that is not just going to result in staff going through the motions because of a flawed compliance “system”. A sound foundation is essential to get your monitoring program right. We help clients put monitoring programs together by establishing the foundations and building the content of their programs. It is offered as a separate service or can be included as part of our automated solution for regulatory compliance called TP-RCS that is covered under Regulatory Risk Solutions on the Home page.
Request a call back
Should you wish to find out more about this or any of our other Regulatory Risk Services or Solutions, request a call back from one of our team by completing the Request form.