This Compliance Organisational Structure template sets out 3 different organisational structures for compliance. The option an organisation adopts largely depends on its size, the resources available and the industry in which it operates.
Guidance is provided to enable you to select the best compliance organisational structure for your organisation. Each option sets out the compliance management role and where it sits in relation to the overarching governance, risk management and compliance structure for the organisation.
This Compliance Organisational Structure template may be used for organisations of all sizes.
- Description
- Access
- No. of pages
- Author
- Last updated
- Integrated framework
- Complete kit
- Related documents
- Revision table
- Document location
- Purpose
- Scope
- Governance structure
- Option 1: Compliance organisational structure
- Option 2: Compliance organisational structure
- Option 3: Compliance organisational structure
- Collaborative approach
- Three lines of defence
- Periodic review
This Compliance Organisational Structure documents the structure for governance, risk and compliance management of [Organisation name].
This document must be read in conjunction with the following documents:
This document applies to all directors, officers, employees, consultants and contractors of [Organisation name]. [Organisation name]’s Compliance Organisational Structure extends to all current and future activities of [Organisation name], and to any new opportunities [Organisation name] may encounter from time to time.
[Organisation name]’s structure for governance, risk and compliance management is set out below. The structure provides an integrated approach to governance, risk and compliance management, with responsibilities and accountability for compliance obligations described in the Compliance Management Policy.
- Governance means all the processes established by the Board with respect to how [Organisation name] is managed, as reflected in the governance structure.
- Risk management means identifying, managing and prioritising risks faced by [Organisation name] such as risks to the health and wellbeing of employees, risks of breaching laws and regulations, cybersecurity and IT risks and so on.
- Compliance management means the process of identifying and adhering to all laws, regulations, policies, procedures, internal codes of conduct and other commitments of [Organisation name].
[Note: The following pages provide 3 different types of compliance organisational structure. Select the one that is most suitable for your organisation. The remaining pages after the 3 options describe the 3 lines of defence model which applies to all 3 options.]
Dedicated Compliance Officer
- Dedicated Compliance Officer with a combined compliance and risk function
- May or may not have an assistant
- Core compliance function is with the Compliance Officer
- Works with each business unit to produce compliance policies and procedures for the unit
- CEO or CFO has administrative responsibility for the Compliance Officer (direct or indirect report)
The diagram below shows the integrated structure for governance, risk and compliance management, the inter-relationship between the three concepts, and the compliance documentation required for each business unit.