c. Setting up a compliance program


Clients can outsource the setting-up of the information security function to CyTRAP Labs, ensuring that all the necessary policies, functions and procedures are dealt with in an appropriate, effective and cost-efficient manner.
When acting in this capacity, CyTRAP Labs confirms any course of action that it will take regarding technology, security procedures, baseline measures and metrics with the client beforehand.

_setting up the compliance program_

Regulatory compliance can function as a tool for organizations to continuously enhance the quality of business procedures and so to optimize the company’s performance and service level to its customers.

Unfortunately, compliance efforts may be ill-structured and thereby fail to meet the functional obligations assigned to them. The compliance risk is defined as the risk the organization may suffer as a result of its failure to comply with:

– applicable laws,

– regulation,

– codes of conduct and

– standards of good practice

The compliance risk includes:

– legal and regulatory risk;
– reputation risk;
– litigation risk;
– risk of financial loss

_what is needed to operate a well-structured compliance program?_

To manage and control these compliance-related risks, systems and processes must be:

– established to assure accountability for minimizing the risk of internal (employee), external (employee of another firm) or mixed fraud (that is, fraud committed through complicity between a person inside the firm and an outside party);

– implemented to allow a rigorous procedure for the receipt (tracking of incoming complaints so none get ‘lost’ or ‘detoured’) and processing of complaints, as well as independent monitoring of complaints;

– able to track remedial actions to mitigate risks in accordance with the corporation’s own standard, or the industry standard it adheres to, for plans of action and milestones;

– able to ensure that all users receive periodic compliance awareness briefings (e.g., privacy, IT security and standards) and copies of rules of behavior regarding their responsibilities and the consequences (regulatory, individual and corporate) in case of non-compliance;

– able to assure that necessary certifications (e.g., to use a particular label such as ‘organic farming’) can be protected.

The compliance policy has to be institutionalized by setting up a permanent and independent compliance function within the organization. As importantly, the Board of Directors has to ensure that the compliance function is authorized to contact the Chief Executive Officer or the Board of Directors directly, as deemed necessary.

As well, a corporate culture that values both the letter and the spirit of the law is critical to establishing an effective compliance function.

_compliance – setting up policies and their implementation_

An enterprise may not be able to provide all services internally, or may choose for other reasons to get support from an outside expert. Such services may include but are not limited to:

– advise management on the applicable laws, regulation, rules and standards and
inform them about any developments in these areas;

– establish written guidelines to staff and service providers on the appropriate
implementation of the laws, regulation, rules and standards through policies and
procedures (Compliance manual, code of conduct);

– assess the appropriateness of internal policies, procedures and guidelines, ensure a
follow-up of any identified deficiencies, make recommendations for amendments,
where necessary, and supervise the implementation of corrective measures to
mitigate the identified deficiencies;

– educate staff with respect to compliance with the applicable laws, rules and
standards and act as advisor on compliance queries from staff members;

– establish and/or supervise appropriate compliance checks and controls.

_relationship with internal audit_

The compliance function is separate from the internal audit function. Where feasible,
compliance may consider delegating certain tasks to internal audit, or coordinating certain compliance matters. The work and performance of the compliance function is subject to periodic review by internal audit.

_policies, requirements and operations of the compliance function_

You can get more information about what general tasks and specific job responsibilities may be assigned to a chief compliance officer below.

It is important to understand that these tasks and jobs must be done regardless of whether the position is kept in-house or outsourced.

To set up the compliance function, two things are necessary beforehand:

1) The compliance policy should define the basic issues regarding the risk of compliance, explain the compliance principles as set by the board of directors, introduce the compliance function, define its objectives and independence, require the elaboration of a compliance charter/strategy, and establish a continuous education program in the area of compliance.

2) The operation of the compliance function should be laid out in the compliance charter/strategy (chief compliance officer – running the function).

For more information about other tasks that can be outsourced see:


See also:

2 outsourcing tasks