How do you eat an elephant? “Piece by piece” is the answer you’ll find in career guides and project-management handbooks. This wisdom is especially relevant to the establishment and implementation of a risk-based compliance program. If you work on compliance issues within a company, you probably know a thing or two about this. You know that your company needs a well-structured compliance program.
Organization and focus
Nevertheless, companies often face problems with implementation. This is due not only to the complexity of the overall issue, but also to the pressing demands of daily business which compliance departments have to deal with. But the metaphorical elephant can be divided into manageable portions. With this goal in mind, I will use my blog over the next 12 months to guide you through the most important stages in creating and implementing a Compliance Management System (CMS). International standards such as the Foreign Corrupt Practices Act “FCPA”and the United Kingdom Bribery Act (“UKBA”) set the pace as “global best practices”, but these standards have long since been integrated into other regulatory systems. We can, therefore, consider the following elements to be universally applicable. These basic elements also help define the framework – and therefore the overall working plan – for the 12-Month Compliance Challenge:
- “What is compliance?” or: “What am I actually responsible for here?”
- Risk analysis and assessment
- Compliance policies
- Compliance processes
- Management’s commitment and obligations
- Organization, compliance responsibility, autonomy, resources
- Communication, training and consulting
- Reporting systems, investigations, enforcement, incentives and sanctions
- Business partner management
- Due diligence and integration into M&A processes
- Periodic monitoring, review of effectiveness and improvement
The different CMS elements influence each other. And it is just these complex interrelationships which create a danger of getting lost in the details while implementing a compliance program. The problem is aggravated by the never-ending flood of e-mails, meetings and other items of daily business. In his book “The ONE Thing”, entrepreneur Gary Keller advocates concentrating only on a single goal at a time and pursuing this goal in a structured and intensive manner. Let’s try that here too.
Every CMS must be risk-appropriate – there is no “one size fits all” solution. However, there are proven tools that help you to implement individual CMS elements step by step in a risk-appropriate manner. Using these tools to implement the CMS is also the principal theme of the 12-Month Compliance Challenge. The question of “What works and why?” will be our touchstone.
In the next episode we will start with the question “What is compliance?” or: “What am I responsible for here?” A clear description of roles and tasks – including clearly distinguishing compliance from other functions – is the foundation of your compliance work. Let’s get started 😉
If you are unsure how to set up and run your compliance project successfully, please feel free to contact me.