Compliance

WHAT IS IT?

Compliance is the extent to which an organisation meets requirements that arise from Acts of Parliament, regulations, the organisation’s policies and procedures, industry standards or more general standards for quality, occupational health and safety and a wide array of other requirements.

VALUE PROPOSITION

It is not possible for a member of a governing board or even a member of the senior management of all but the smallest organisation to be aware, on a daily basis, of the extent of compliance by every nook and cranny of the organisation with the myriad of compliance requirements it is required to meet.  External services can provide a significant part of the solution for a cost-effective price.

HOW MUCH COMPLIANCE?

Although it sounds like a gluttonous view, there can never be too much compliance!  Anything less than full compliance (100%) is not compliance!!  And that rule applies even though there are potentially hundreds of requirements your organisation must address.  There are, in most cases, however, options for ways to achieve 100% compliance which revolve around timing and depth; compliance solutions do have to work in practice as well.

The range of your organisation’s compliance requirements is likely to be quite wide and include:

  • Accounting and auditing standards and policies;
  • Accreditation and quality assurance requirements;
  • Auditing and certification requirements;
  • Banking contract requirements;
  • Building legislation and regulations;
  • Business name registration;
  • Cash transaction and transport requirements;
  • Caveats and encumbrances on real estate;
  • Conditions of funding;
  • Consumer protection and competition laws;
  • Contractual requirements for trade, supply, employment, tenure and other arrangements;
  • Council planning, building and occupancy requirements;
  • Court orders and other judicial requirements;
  • Crimes Act prohibitions, e.g. secret commissions;
  • Employment laws;
  • Enabling legislation requirements for statutory bodies;
  • Environmental protection requirements, permits and licences;
  • Financial management and reporting;
  • Fire prevention requirements;
  • Food handling requirements;
  • Foreign currency requirements;
  • Freedom of Information legislation;
  • Governance – arising from companies legislation, enabling legislation for public sector agencies, associations incorporation legislation and other specialised legislation for particular groups of entities such as co-operatives and franchisors and franchisees;
  • Government policy requirements;
  • Industry legislation and regulations, e.g. utilities;
  • Industry standards for production, selling, usage and application, e.g. pharmaceuticals;
  • Insurance legislation – disclosures and adequacy of cover;
  • Intellectual property registration and licensing conditions;
  • Laws and requirements of other countries affecting our production, imports and exports;
  • Loan covenants in borrowing and similar deeds including mortgage debentures, derivatives and hedges;
  • Occupational health and safety legislation;
  • Occupational registration legislation and occupational requirements;
  • Other legislative and regulatory requirements;
  • Other licensing requirements;
  • Overseas trade, customs and excise requirements;
  • Professional credentialling and registration requirements;
  • Requirements for facilities and equipment operation, e.g. pressure vessels, electrical appliances, etc;
  • Software licence conditions;
  • Stock Exchange Listing Rules and other requirements;
  • Superannuation trust deed compliance;
  • Taxation (and PAYG and BAS) requirements;
  • Terms and conditions in constituent documents such as the organisation’s Constitution or Memorandum and Articles of Association;
  • Trade mark, copyright, patent and other intellectual property rights requirements;
  • Transport vehicle registrations, permits and other requirements; and
  • Unauthorised use of assets, including software.

THE COMPLIANCE PROCESS

  • Identify and catalogue the compliance requirements in ONE system – in the form of a Compliance Register;
  • There may also be a need to create or update the Contract Register;
  • Make a plan for testing compliance internally on a cyclical basis;
  • Consider the requirements of Australian Standard AS/NZ 3806:2006 Compliance Programs;
  • Test compliance at the planned frequency and report to the governing board and senior management;
  • Develop a time series of compliance statistics to measure compliance performance over time;
  • Develop and implement action plans for areas of non-compliance;
  • Create an ongoing reporting framework for shortcomings and remedial actions implemented.

RESOURCES

  • There is a range of specialised systems for particular industries that facilitate recording and reporting of compliance.  If nothing is suitable and cost-effective, Microsoft Office products should be used – selected from the choice of WORD, EXCEL or ACCESS to create the necessary database and monitoring information and reports.
  • An internal survey of all executives and other personnel with any responsibility for or involvement in compliance to obtain their input to the Register of Compliance requirements.  The results of the survey will give the governing board a great start to understanding its compliance requirements.  But then a longer checking, researching and amending process begins that can be expected to continue for two to three years before the register can be regarded as complete and only requiring maintenance.
  • Due to the nature of this exercise, advice from a solicitor with experience in your sector or industry will be essential to support the efforts you make internally.
  • A significant part of audits performed for management includes compliance projects.  That process is a cost-effective way of keeping your governing board informed once the recording and reporting systems and controls have been established.

FREQUENTLY ASKED QUESTIONS

1.     How can I be sure that my organisation has complied with all of the applicable requirements?

Achieving that goal is likely to take time but it’s important to keep building on your efforts to date because in the early stages you will keep discovering new requirements that were not recorded previously.

2.     Are there any existing lists of compliance requirements for particular industries or segments which can do a lot of the work for us?

There are certainly elements of such lists on the internet but I would encourage you to use those in conjunction with the internal survey described above.  For example, the BACeS system (sponsored by Latrobe Regional Health) has been customised for use in the health care sector but I would not recommend relying on it exclusively without modification to take account of your organisation’s particular needs.  And, of course, that’s only for one of many sectors.

3.     Can compliance assessment and measurement be outsourced effectively to an audit or legal firm?

Yes.  The main proviso is that their work will only be as effective as the organisation’s systems allow.  If those systems do not measure up, there is a likelihood that the firm appointed will spend most of their time making long lists of questions and requirements not yet addressed in your system.  But that may be a necessary and useful step and should only need doing once.

4.     What are the most common fines and penalties for organisations that don’t comply with all of the relevant requirements?

That is a very difficult question to answer in a few words because there is such a wide variety of requirements and fines and other penalties range over an even broader spectrum.  Many offences attract a small fine only.  Then there are those that attract significant fines (sums exceeding $100,000 and, in some cases, exceeding $1 million).  Finally there are those offences that attract prison sentences – mainly associated with negligence giving rise to serious personal injury or death.

Although many regulatory agencies are not resourced to conduct adequate surveillance of non-compliance, it does remain an offence and so being caught or being obliged to confess still carries penalties and, potentially, reputation risk.  Professionally, an organisation’s management and other qualified personnel may be penalised by the regulator of their profession or an industry body.

Those observations, though, are only part of the story because, often, the reputational damage from adverse media reports and the associated legal costs compound the prima facie damage and losses.

So, the ‘bottom line’ is that non-compliance is a significant risk for almost all organisations and must be managed pro-actively to avoid adverse consequences.  History suggests that ‘getting away with it’ is neither a viable method of managing the risk nor a responsible policy for a governing board or its professional staff members.

The good news is that everyone is in the same boat, so there is lots of assistance available and, with a little searching, many people who are happy to discuss the ways and means to achieve compliance.

5.     Where can I get expert help with compliance issues?

Simply .  .  .

Call me on:  +61 417 373 589

Email:  peter@strategicassurance.com.au

Visit (by appointment only):  Level 7, 470 Collins Street MELBOURNE VIC 3000 | ABN 62 064 547 275

 

 
