Companies increasingly find themselves caught in a compliance bind. There seems to be a wide and growing range of laws, standards, codes, accords and best practices with which it must – or should – comply. But how, and which ones?
“It is important for companies to focus on the right things when it comes to compliance,” says Bradley Janse van Rensburg, solutions design manager at ContinuitySA. “Without that focus, they can easily get lost in the compliance swamp.”
Based on his experience in this area, Janse van Rensburg offers some best practices to help companies create a robust compliance framework that supports their overall business strategies.
* Assign executive support. This should ideally be a board member with accountability for compliance.
* Create a risk, audit and compliance function. For a small company, this might be a two-days-a-month job for an existing staff member; for a large corporation it could be a distinct department supported by a variety of independent committees. This function’s mandate should include a direct line to the board should the normal chain of command need to be bypassed.
* Confirm and document the regulations with which the company must comply. The company’s size and the industry in which it operates will have a bearing on the applicable laws and regulations to which it must comply. In addition, there may well be standards with which it wants to comply in order, for example, to gain competitive advantage, increase its resilience or reduce its insurance premiums.
The exact terms of each regulation or standard need to be taken into account – there is a world of difference between mandatory compliance and a recommendation.
* Develop an action plan. Having listed the ‘compliance components’, creating an action plan for achieving them is the logical next step. The action plan should include time frames.
* Measure, and report on, compliance regularly. Compliance is a not a once-off activity, and needs to be built into the day-to-day business processes and culture of the company. Various types of custom or off-the-shelf software can be used to automate parts of this maintenance process – but the primary need is to understand the management framework the software is supporting.
Measuring whether compliance has in fact generated the expected benefits is also an exercise that must be undertaken.
Over the long term, it is important to keep an eye on which regulations or standards are on the horizon, and, says Janse van Rensburg, to play an active role in shaping them.
“Once you have the framework in place, it is clear that the most important activity is to understand why you are complying with anything – that will help you to understand each one’s relative importance and so the resources you need to assign to it, and the benefits you need to measure,” he concludes.
|Tel:||+27 11 554 8000|
|Fax:||+27 11 554 8100|
|Articles:||More information and articles about ContinuitySA|
© Technews Publishing (Pty) Ltd | All Rights Reserved