SEARCH

Compliance leaders know that when it comes to risk there is more than one type of dragon to contend with Effective compliance is about handling uncertainty to decrease the probability of non-conformance as

GRC is an acronym used to describe three functions: governance, risk, and compliance. A conservative estimate of the cost of compliance (excluding the other GRC functions) is 10% of a worker It is easy to imagine that If compliance continues on its present course, compliance will require: one person to ensure that compliance is met for every person doing the work. Clearly, this approach is not sustainable or desirable for compliance and neither for GRC as a whole.

Effective compliance (ex. quality, safety, environmental, and regulatory) requires that existing conditions are maintained, and that progress is made towards compliance goals (ex. zero defects, zero fatalities

What this means for compliance For compliance to improve its risk perception it needs to look through Obligations - this will help to see obstacles and opportunities associated with meeting obligations (Compliance risk registers but more importantly provide better measures to improve the probability of achieving compliance

years it became clear that their risk capabilities had not progressed as well as other aspects of their compliance goal for this new manager was to establish a consistent risk framework to be used across each of the compliance Managers of the compliance programs along with asset owners now believed that they no longer needed to Organizations that try to improve their compliance often start by breaking down silos consolidating effort If you have a department or manager who takes care of risk and compliance then you most likely have fallen

What we learned was that for external obligations: most of the compliance resources are dedicated to external obligations, it was difficult for organizations to meet their obligations using traditional compliance ) was needed for organizations to make progress and realize the benefits from ESG along with other compliance This requires several things working together to produce the outcome of compliance: Better safety, security

When it comes to risk & compliance it is important to identify, collect, and monitor data of all kinds Similarly, for risk & compliance – methods without measurements is also nonsense. While it is essential to know the status of risk & compliance system it is also important to know the These are most useful when assessing the performance of a risk & compliance program. underlying systems are capable of keeping an organization in compliance today and in the future.

previous blog post we considered the nature of environmental obligations from the perspective of their compliance Unfortunately, compliance for many organizations focuses mostly on external obligations associated with For compliance to be effective it must adapt to the changing landscape by expanding beyond mandatory Does compliance in your organization cover all your obligations?

Obligations associated with Environmental Social Governance (ESG) initiatives can cross and overlap several compliance them will be largely shaped by the scope and nature of the ESG obligations and the existence of other compliance Other standards that might be helpful to get started: ISO 37301 - Compliance Management System Standard

safe may be the very thing that is holding them back from making improvements and advancing overall compliance these same companies are being asked (regulated) to improve, to innovate, and to make progress on their compliance For compliance to be effective it is helpful to consider which culture is best across governance, program

Compliance at its core is about contending with risk. You might even start to better see opportunities to improve your compliance. Opportunities in the Presence of Uncertainty Lord of the Risks - The Two Towers: Productivity and Compliance

Recent revisions to compliance standards and regulations have introduced changes to the way we think companies up until now have worked mostly with prescriptive regulations using a check-boxed approach to compliance The same is true for compliance. You cannot audit your way to better compliance. , you need to apply proactive strategies like risk-based thinking to make certain you are always in compliance