CONTEXT OF THE ORGANISATION

The compliance framework needs to be contextualized so that it reflects not only the internal issues that affect the operation
of the organisation but it also the external environment. Here you must:
Establish what will be covered by the
compliance management system.

Identify obligations, these can be

both mandatory and or voluntary.

Ensure the compliance management

system (CMS) reflects the
organisations values, objectives,
strategy and compliance risks.

Build processes to identify new and

changed laws, regulations, codes and
other compliance obligations.

Identify and evaluate its compliance

risks through a formal compliance
risk assessment or conducted via
alternative approaches.

LEADERSHIP
The governing body and top management should demonstrate leadership and
commitment to the compliance management system. Management also must show
commitment by:
Establishing a compliance policy that is appropriate for the organisation and
communicated to all levels of the business.

PLANNING

Assigning responsibilities and authority for relevant roles.

Establishing a recognised compliance function, even if not standalone.

The organisation needs to plan adequately to assure the

compliance management system can achieve its intended
outcome. Through planning you must:

Setting the right tone from the top, the governing body and leadership team
need to establish and uphold the organisations values.

Prevent, detect and reduce undesired effects of the CMS.

Achieve continual improvement in the CMS.

EVALUATION
The framework needs to be monitored to ensure its effective,
current, and can identify instances where non-compliance
has occurred. Compliance indicators and reporting needs to
be established to help with this aspect. This includes:
A plan for continual monitoring should be established,
setting out monitoring processes, schedules, resources
and the information to be collected.
Conducting audits at least at planned intervals to provide
information on whether the compliance management
system is meeting its objective.

ISO 19600:2014
Compliance
Management
Systems
OPERATION

IMPROVEMENT
The compliance management system should drive continuous improvement in the
compliance program. This means:
When noncompliance occurs, the organization should take action to control and
correct it, and/or manage the consequences.

effectiveness of the CMS.

Identifying opportunities for improvement
of the compliance performance of the
organization.

The organization should seek to continually improve the suitability, adequacy and

If required, the framework should be

improved to address any short comings.

The operation of the compliance management system needs

to be managed and controlled. This includes:
Putting in place effective controls to ensure that the
organization's compliance obligations are met and that non
compliances are prevented or detected and corrected.
Outsourced processes need to be exposed to a due diligence
process to ensure that they will adhere to expected levels of
behaviour. All contractors and related third parties need to
be covered by the compliance management system.

SUPPORT
The organisation needs to adequately support the
compliance management system. This includes:
Providing the resources needed for the establishment,
development, implementation, evaluation, maintenance
and continual improvement of the CMS.
All employees adhering to compliance requirements,
participate in training, report compliance concerns and
failures.
All staff should be provided with the necessary training
for them to undertake their duties while operating within
the framework.
Undertaking training when there are significant changes
or updates required or there have been a larger than
acceptable number of compliance breaches.
Raising awareness of the compliance policy and outlining
appropriate behaviour and the compliance culture of the
organisation.
Developing a common, published standard of behaviour
that is required throughout every area of the organization.
Determining the need for internal and external
communications relevant to the CMS.
The compliance framework needs to be documented,
available and updated as required.

Solutions for the GRC Lifecycle

360 Degrees of Compliance

The increasing complexity of global compliance and regulatory changes impacting your organization creates
operational and business risk that demands a considered strategy and comprehensive program that identifies
risks, eliminates gaps, and delivers the flexibility to respond to changes systematically and proactively.
Having the proper tools and analysis in place to build and maintain your compliance program is essential to evaluate, execute
and evolve the supporting components and operational effectiveness of your program. A comprehensive Governance, Risk, and
Compliance (GRC) solution can serve as an organisations compliance system of record, streamlining and automating the
compliance process across the enterprise and ultimately providing a body of evidence needed to demonstrate program effectiveness.
There is a variety of published compliance guidance from governmental entities and regulatory bodies around the world.
From those published compliance guidelines SAI Global has distilled them into five key elements that enable
organisations to comply with those regulations and build effective compliance programs.

Provides
Enterprise
Grade Technology
Compliance Workspace
(regulations, legislation,
standards)

ERM
Audits

Living Code

Content Library

Certification

Instructor led

Policy
Management

5,000+
Translations

Third Party Risk

Management

Surveys &
Assessments

Gifts & Hospitality

Virtual Evidence
Room

Incident Management
Conflicts of Interest

Compliance 360

Dashboard
& Reports

To learn more:
Visit www.saiglobal.com/compliance
Email info.asiapac@saiglobal.com
Call +61 2 8206 6060

Significant
Investment

Global
Pedigree

Industry Leading
Innovation
Analyst Recognition
Broad Capability

Focus on
Australian Market
Local Delivery Teams
Local Support
Teams & Hours
Prioritise Australian
Customers
Australian Hosting

Local
Focus

www.saiglobal.com/compliance