Your compliance program: “iPhone 4” or “iPhone 11”
The level of integrity, quality of policies and procedures as well as laws and regulations are key factors, which influence an organization’s culture and overall business conduct.
Integrating the increasing number of changes in the compliance relevant regulatory environment is a serious challenge to be considered in the overall governance and continual improvement of a Compliance Program.
We have seen an increase in requests from executives for information about how to assess their company’s Compliance Program and determine its value or maturity in today’s challenging environment.
There are various approaches to assess the maturity of an existing Compliance Program, or elements of it (for example an Anti-bribery Program).
In general, a Maturity Level Assessment (MLA) concentrates on the assessment of the effectiveness of the company’s Compliance Program and the company’s system of internal controls designed to prevent the company from fraud as well as properly manage situations where fraud has occurred.
Our MLA practice is not copied from a textbook, but is designed based on our extensive practical experience of working in international corporate environments, for many years.
Our Maturity Level Assessment (MLA) practice does not only apply a gap analysis, but also identifies redundancies in your organization. These are activities that are not adding value to your organization and therefore may constitute an unnecessary burden. For example, there could be a tendency to “make policies for policies”, which could hinder the focus on the company’s compliance mission.
In light of the recent focus on the anti-bribery standard, ISO 37001, it is worth mentioning that the structure of our MLA is harmonized with the ISO 37001 standard and philosophy.
So, how does this MLA work?
Various procedures and activities are designed to make the content and spirit of the Compliance Program become part of the company’s “DNA”, to prevent fraud as well as manage situations where fraud has occurred.
In combination, control elements help a company achieve the overall objectives to prevent, detect, investigate, and resolve fraud, as well as continuously improve the system of internal control elements.
As a best practice, the control elements of the compliance program are designed to be dynamic and ever evolving, not only existing on paper.
In our MLA-Practice we have identified 14 control elements that are relevant when assessing the effectiveness of the company’s Compliance Program. Each of these control elements has one or multiple purposes, such as the prevention, detection, investigation and resolution of violations of the Code of Conduct.
This practice also assesses the effectiveness of the organization’s governance framework. It involves all roles in an organization, such as line management as well as functions other than just Compliance, as compliance must be a shared responsibility across the company.
The results of an MLA can be easily translated into an action plan for the compliance team and used as a tool to demonstrate progress to the Executive Management.
It is now up to you to decide whether you are comfortable with your existing “iPhone 4”, or be pro-active and have your Compliance Program assessed, to make it an “iPhone 11”.