Compliance Master

How To Build An Integrated Compliance Management Framework In 6 Steps

Over the past two decades, enterprises worldwide have experienced significant increases in their regulatory oversight and reporting obligations. At the same time, penalties for non-compliance have increased to the point where they can seriously affect an enterprise's reputation and viability.

In 2014, many of the maximum penalties under the Protection of the Environment Operations Act, 1997 (NSW) were increased tenfold, a trend which has been repeated across other jurisdictions and laws, including privacy, wages, competition, consumer, safety and health, just to name a few.

Despite these growing regulatory risks, many enterprises continue to manage their compliance obligations in silos, i.e. divisions, departments, branches, units, etc. This often leads to high process duplication, inconsistent reporting and, worse still, suboptimal decision-making.

A more efficient and effective approach is to consolidate enterprise compliance monitoring, analysis and improvement functions under an Integrated Compliance Management Framework (ICMF).

Benefits of an ICMF include less process duplication, lower compliance costs, consistent compliance analysis and reporting, improved decision making and most importantly, lower compliance risks.

Implementing an effective ICMF can be a challenging process, which is why I've put together the following 6-step process to help compliance managers and compliance personnel better understand what is needed to deliver an effective ICMF, and what to avoid along the way.

Step 1: Stakeholder Support

As with any major enterprise initiative that seeks to create a paradigm shift in how people perceive and undertake their work responsibilities, the first thing you have to do is get their buy-in and support. The same applies to an ICMF.

Start by gaining the support and buy-in of the executive and board. The best way to do this is to develop a detailed business-case that clearly sets out the benefits of an ICMF.

Next, make sure your business-case also details how an ICMF will impact on people's roles and responsibilities, its implementation and operating costs, and what it will potentially save the enterprise in the long-term.

As important as a good business-case may be for selling the benefits of an ICMF to stakeholders at all levels of an enterprise, there is no guarantee it will get your proposal over the line.

If anything, history has shown that compliance initiatives often struggle to find board and executive support and funding. That is, until something serious goes wrong.

I'm not suggesting you should delay submitting your ICMF proposal until your enterprise, or a competitor, experiences a major regulatory breach, class-action, or bad publicity, but its chances of success will be a lot higher if you can - it's just human nature.

Step 2: Compliance Stocktake

The purpose of a compliance stocktake is to clarify all the laws, regulations, standards, treaties, permits, customer agreements, etc. that an enterprise must comply with in order to avoid penalties and reputation damage.

A compliance stocktake can also uncover compliance requirements that may have remained hidden from your board and executive, thereby preventing them from properly carrying out their compliance oversight and management responsibilities.

A compliance stocktake will also lay the foundation for your ICMF by identifying gaps and weaknesses in your enterprise's current compliance management processes, and areas of process duplication.

Step 3: Compliance Software

Perhaps the most critical step towards building an effective ICMF is the purchase of compliance software. Without suitable enterprise compliance software, implementing an effective ICMF is near impossible.

A 2017 survey conducted by Deloitte found that improvements in compliance management processes and IT systems would not only help improve compliance performance but also reduce costs by up to 15%.

There are many types of compliance software you can choose from, but before you make a final decision, make sure it supports the following ICMF activities:

• The ability to record your enterprise’s compliance requirements in one central location; refer to Step 2.

• The ability to regularly schedule compliance self-assessments for each of the above compliance requirements, and to report actionable findings to internal and external stakeholders.

• The ability to centrally record, track and report corrective actions and compliance improvements enterprise-wide.

Some other important ICMF software features are outlined in the sections below.

Step 4: Compliance Responsibilities

Next, define, document and communicate the compliance management responsibilities in relation to the laws, regulations, standards and customer requirements, etc. identified in Step 2. But beware:

A common mistake is to make compliance personnel solely responsible for an enterprise's compliance performance instead of the executives and line-managers who have direct control over the systems, processes and employees that drive enterprise compliance.

Compliance personnel should share some of the responsibility for enterprise compliance, but not all of it. Their role needs to focus more on ensuring the ICMF is working effectively and that managers and employees are provided with the necessary resources and support to carry out their compliance responsibilities.

Having defined your enterprise's compliance responsibilities, ensure they're clearly documented in position descriptions, and recorded in your compliance software alongside each of the compliance requirements identified in Step 2.

To encourage ICMF buy-in, link the remuneration of your executives, managers, employees and suppliers to their compliance performance through suitable KPIs.

Step 5: Compliance Self-Assessments

Next, monitor and report your enterprise's compliance performance against each of the compliance requirements identified in Step 2.

The most reliable method of assessing and reporting enterprise compliance is through regular self-assessments. A suitable software solution that enables compliance personnel to centrally schedule and analyse self-assessment results enterprise-wide will make this task more manageable.

Once again, make sure that those managers and employees identified in Step 4 for enterprise compliance are allocated the main responsibility for carrying out their own compliance self-assessments rather than your compliance personnel. Also:

Ensure your compliance software is capable of analysing self-assessment results and reporting outcomes to internal and external stakeholders in a format they can easily understand.

Most importantly, ensure stakeholders can use your compliance software to quickly understand the reasoning behind identified non-compliances and what needs to be done to fix the problem; which brings us to Step 6.

Step 6: Continuous Improvement

The final step in building an effective ICMF is ensuring responsible managers and employees can use your compliance software to centrally record and update what they are doing to correct identified non-compliances, including uploading closeout evidence.

Also, ensure your software enables corrective actions and improvements to be linked to and shared between non-compliances identified not only through self-assessments but also via safety reports, customer complaints, whistle-blowers, external audits, management meetings, etc.

In Conclusion

Building an effective ICMF can be a major challenge for compliance managers and personnel, but the task can be made a lot easier with the help of suitable software, a clear understanding of key success factors, and what needs to be avoided along the way.

Many enterprises that have successfully implemented an ICMF talk about improved compliance performance, increased speed adapting to new and changed compliance obligations, better collaboration across departments, business units and divisions, and less process duplication.

For more information on how your enterprise can access the benefits of an ICMF with the help of an easy-to-use software solution visit our website at
