⇐ Continued from Guide to Compliance Management Systems
On creating and establishing your compliance management policy, the next step thereafter is to develop procedures for compliance setting out the methodology for identifying, managing, monitoring and reviewing compliance obligations, compliance risks and workflow for the operation of the compliance management system. These procedures should be documented in a compliance management procedures document.
In general, the procedures should reflect the steps described in this Guide, while the methodology set out in the compliance management procedures for identifying, managing, monitoring and reviewing compliance obligations and compliance risks should be adhered to.
|Resources ⇒ Use our Compliance Management Procedures template as a basis for developing and creating your compliance management procedures.|
When developing procedures for compliance, procedures for managing compliance risks (i.e. risks of non-compliance) should also be developed. More information on the methodology and process for implementing a risk management system is available from our Guide to Risk Management.
The application of rules, regulations and laws to your organisation depends on your organisational structure, business activities, products, services and operational processes.
Examples of sources of compliance obligations include the following:
- laws and regulations
- orders, rules and guidance by regulatory bodies
- permits, licences, other forms of authorisation e.g. ACL, AFSL
- court or tribunal judgements
- treaties, conventions, protocols
Examples of sources of compliance commitments include the following:
- agreements with community groups, trade unions, non-governmental organisations
- agreements with public authorities
- agreements with customers, vendors and suppliers
- contracts with employees, consultants and contractors
- voluntary principles or codes of conduct
- voluntary labelling or environmental commitments
- relevant industry standards
Without knowing in advance every activity that may be conducted by your organisation, it is impossible to identify every obligation that may potentially apply to such activity. In addition, the changing economic and legal landscape in some areas of law (e.g. employment) means that meeting your compliance obligations now may not necessarily mean that the obligations remain the same or that the actions taken by you to comply will be sufficient for the future.
However, in building a compliance management system that meets international standard requirements, you are seeking to minimise the risk of non-compliance by putting in place a process for ensuring that new activities, products and services developed or offered have gone through a compliance checklist prior to such activity, product or service being released or launched.
In general, there are some legal and regulatory obligations that apply to every organisation doing business in Australia. In addition to such general obligations, regulations may apply to specific industries and specific entities.
Ways to identify compliance obligations may include any or all of the following:
- Internal workshops and meetings to understand the business operations and business environment of each business unit;
- Consulting with legal and compliance advisors;
- Communicating with legal, regulatory and industry bodies;
- Subscribing to regulatory updates with compliance service providers; and
- Internal communications and research.