This Guide to Compliance Management Systems provides a step-by-step program for establishing, developing, implementing and maintaining an effective and responsive compliance management system within an organisation in accordance with the International Standard for Compliance Management Systems.
This Guide to Compliance Management Systems is designed for organisations of all sizes, with a specific focus on helping small and medium enterprises meet their compliance obligations in an easy-to-implement, cost-effective and efficient manner.
If you are new to compliance, this best practice Guide to Compliance Management Systems provides comprehensive information on building a compliance management system: what you need to do to set up an internal system for complying with and meeting your legal and regulatory obligations and commitments.
- Introduction
- Program structure
- Stage 1 Setting up the compliance management system
- Compliance management system flowchart
- CMS development overview
- Step 1: Compliance organisational structure
- Step 2: Compliance management framework
- Step 3: Compliance management policy
- Step 4: Compliance management procedures
- Step 5: Compliance obligations and commitments
- Step 6: Compliance documentation
- Step 7: Other high value content
- Step 8: Central document repository
- Step 9: Introduce controls
- Step 10: Compliance schedule
- Stage 2 Implementing the compliance management system
- Step 11: Operationalise the system
- Step 12: Compliance training
- Stage 3 Checking on the compliance management system
- Step 13: Reporting and analytics
- Stage 4 Improving on the compliance management system
- Step 14: Continuous improvement processes
- Step 15: CMS roadmap
- Document information
The development of any compliance management system should take into account the organisation’s governance, risk management and compliance (GRC) framework as an integrated approach to corporate governance, risk management and regulatory compliance. Hence, while this Guide relates to a step-by-step program for developing, implementing and maintaining a compliance management system, it also covers establishing a governance framework and risk management system as related concepts that are required for effective and responsive compliance management systems.
In order to be effective, any compliance management program of an organisation requires good organisational culture. Implementing a good organisational culture always starts from the top – an ethical and risk aware management leads to an ethical and risk aware team. On the other hand, a poor corporate culture drives misconduct.
A large part of this Guide to Compliance Management Systems therefore provides recommendations, tools and resources dedicated to building processes for developing core values for senior management and staff and for implementing these in practice.
The step-by-step program is divided into 4 stages and adopts the Plan Do Check Act (PDCA) model for building management systems. This program structure can be used by any large or small organisation to build a compliance management system.
- Stage 1 Plan: Plan the compliance management system
- Stage 2 Do: Implement the system
- Stage 3 Check: Review and monitor the effectiveness of the system
- Stage 4 Act: Improve on the system
Even if your organisation has a robust compliance management system, it is a good idea to review the system following our program structure as part of your continuous improvement process.
The length of time it takes to plan, develop and implement a compliance management system depends on your resources, dedication to the program and size of your organisation. Many smaller organisations implement the system very quickly (around 4-6 weeks) while others take a while longer to complete Stage 2. For organisations with larger teams and more stakeholders to consider, implementing a system from scratch may take 6 months or more.
Stages 3 and 4 are an ongoing program with a focus on ensuring compliance and the continuous improvement of the compliance management system.
This compliance management system flowchart has been extracted from the International Standard for Compliance Management Systems. The step-by-step program follows the flowchart and adapts it for small businesses that do not have such a complex organisational structure.