News from the business world makes you scratch your head!

How can some of the decisions made by companies’ Boards and managements be so out of tune with good common sense and integrity? Recent examples have been referenced in the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry being undertaken by Commissioner Hayne, but it’s not too difficult to find examples in other industries.

Even more astounding is the fact that many of the same companies have well-resourced “Enterprise Risk Management Systems”, “Risk and Audit Committees”, “Risk and Compliance Managers” and the like.  How is it possible that the stories which have emerged in the past couple of years have been occurring at the same time as the management text books and conference programs are bulging with theory and practical guides on “Governance, Risk and Compliance”? It even has its own three letter acronym – GRC!

As the great Bob Dylan said, the answer is “blowin’ in the wind”!

It’s worth spending a bit of time looking at basics to see how these issues can be handled.  Our clients range across many different industry sectors, and the issues which they need to deal with are diverse.  Some are in heavily regulated sectors, while others are subject to only the most general of regulatory frameworks.  However, there are common threads running through all organisations. All organisations will have compliance requirements in areas such as their banking arrangements, supplier contracts, worker entitlements, taxation obligations and so on.

The following 12 principles of compliance have been extracted from the Australian Standard on compliance programs, published in 2006 (AS3806). In the Standard’s Foreword, compliance is broadly described as follows:

“Compliance should, while maintaining its independence, be integrated with (an) organisation’s financial, risk, quality, environmental and health and safety management systems and its operational requirements and procedures.

An effective organisation-wide compliance program will result in an organisation being able to demonstrate its commitment to compliance with relevant laws, including legislative requirements, industry codes, organisational standards as well as standards of good corporate governance, ethics and community expectations.

An organisation’s approach to compliance should be shaped by its core values and generally accepted corporate governance, ethical and community standards”.  

The principles of compliance are listed under four fundamental categories which should be relevant for any organisation:

• Commitment

• Implementation

• Monitoring and Measuring

• Continual Improvement.

Commitment

Principle 1: Commitment by the governing body and top management to effective compliance that permeates the whole organisation.

Principle 2: The compliance policy is aligned to the organisation’s strategy and business objectives, and is endorsed by the governing body.

Principle 3: Appropriate resources are allocated to develop, implement, maintain and improve the compliance program.

Principle 4: The objectives and strategy of the compliance program are endorsed by the governing body and top management.

Principle 5: Compliance obligations are identified and assessed. 

Implementation

Principle 6: Responsibility for compliant outcomes is clearly articulated and assigned.

Principle 7: Competence and training needs are identified and addressed to enable employees to fulfil their compliance obligations.

Principle 8: Behaviours that create and support compliance are encouraged and behaviours that compromise compliance are not tolerated.

Principle 9: Controls are in place to manage the identified compliance obligations and achieve desired behaviours.

Monitoring and Measuring

Principle 10: Performance of the compliance program is monitored, measured and reported.

Principle 11: The organisation is able to demonstrate its compliance program through both documentation and practice.

Continual Improvement

Principle 12: The compliance program is regularly reviewed and continually improved.

It’s not rocket science, and it’s been around for a while, but it seems that the simple messages contained in the principles have not hit home in some of the biggest businesses in the land.

Whether you use this framework to help develop an extensive risk management system or as a simple checklist to help guide your family business, there are benefits in applying some basic principles so that you can sleep well at night!

For more information on the Australian Standard for Compliance Programs, please refer to http://aeaecompliance.com/images/documentos/AS-3806-2006-Compliance-Standard.pdf

Author: Steven Lamande, Partner nem Australasia

This article is based on research and opinion available in the public domain.