Compliance Management - What is it and how to get started?
Compliance management can be defined as the process by which managers plan, organize, control, and lead the activities that ensure compliance with laws and standards.
Without a clear understanding of the context, no headway is possible and we are doomed to run around like headless chickens! Hence, the very first task a compliance manager must undertake is the collection and analysis of information about the context at stake.
By context, I mean two things:
- The regulation or norm. What is it about? Which entities are subject to it? What is the certification process? Who are the certification bodies? Is there a timeframe set by the regulators? What are the requirements and their associated objectives? What are the usual pitfalls hindering the path to certification? What evidence is expected to prove compliance?
- The organization context. What is the organization compliance environment (OCE), meaning which business processes and assets are subject to the regulation or norm? What are the organization's motivators and inducers? What are the risks incurred by the organization in case of non-compliance? What are the risks incurred by the organization by complying with the regulation or norm, meaning what are the expected constraints, impediments and additional costs associated with implementing and maintaining compliance? Are there other similar compliance requirements already in place? What are the usual pitfalls for running such a program in this organization? What are the risks of failure? What is the current level of in-house expertise, and which additional expertise is required in the form of training or external assistance? Who are the internal stakeholders, including the program sponsors and third parties? What is the expected due date for compliance?