“Compliance” is defined as adherence to policies, plans, procedures, laws, regulations, contracts or other requirements within a company or organization. Being compliant demonstrates that a business has committed to conforming to accepted practices, regulations or standards. Compliance is one of the most important issues a company faces, irrespective of its industry or customer base.
Stakeholder Expectations Guide the Regulatory Processes
Every organization has at least one stakeholder with an interest in the success of the business. Stakeholders typically range from business owners, government agencies and creditors to customers, competitors and employees. Each of these stakeholders can, through their actions, be instrumental in helping an organization achieve its strategic objectives through investments, collaboration, staffing and influence.
To guarantee ongoing stakeholder engagement, business leaders must consistently demonstrate their commitment to compliance by having a robust compliance policy in place. The policy should be consistently reviewed and updated on a scheduled basis, such as quarterly or biannually, or even ad hoc when businesses change or grow. They can achieve this by analyzing internal and external environments to ensure that the organization is addressing all pertinent issues and achieving its goals and objectives. Sharing the results of these analyses with their stakeholders helps to form and maintain strong and sustainable relationships, by managing their expectations and agreed-upon objectives.
Increasing stakeholder value is the goal of these compliance activities. It is necessary to understand the values and issues stakeholders have, which keep everyone on board, engaged and satisfied. Achieving corporate business objectives is the best way to increase shareholder value, but there are other useful initiatives as well. One of them is to demonstrate corporate compliance with established standards, regulations and compliance best practices.
How Corporate Compliance Supports Stakeholder Value
Stakeholders of all kinds have choices—they can choose where they want to shop or work or with whom they want to do business, loan money or invest. When making those choices, they seek out evidence of activities that boost the firm's competitive position. And the more tangible and measurable that evidence is, the better. Furthermore, they want to see initiatives taken that reduce or manage risk in a manner that allows for maximizing performance and profitability. Thus, they want proof that the firm is adhering to rules and industry best practices.
There are two general compliance types: legally enforced and voluntary. Examples of legally enforced compliance include adherence to the Sarbanes-Oxley Act legislation, SEC disclosure statements and EPA environmental regulation. It is not only important to address legally enforced compliance issues, but it is the law and must be enforced. Voluntary compliance includes obtaining certification of compliance from official bodies that validate behavior, enhancing data management and security, making and meeting a commitment to reduce greenhouse gases, or engaging employees in community volunteer initiatives.
While none of these actions on their own necessarily translate into market leadership or revenue growth, they could, nevertheless, be the determining factor when stakeholders are drawing comparisons between competitors and could ultimately drive market share.
Being compliant can accomplish several positive outcomes for an organization, including the following:
- It demonstrates to stakeholders that the business is run effectively and in accordance with established best practices.
- It attracts and retains talent, keeping employees motivated, engaged and committed to their work.
- It instills a level of confidence on the part of creditors who have extended loans or issued debt on the business.
- It ensures that the business is committed to improving and refining its operations, such as employee safety, training and mentorship.
- It improves overall performance, mitigates and manages risk, and expands market opportunities.
- It instills a level of trust for its customers and vendors, in that it can deliver on its promises.
- It reduces the potential for processing additional internal and external auditor reports from key customers, suppliers and other stakeholders.
- It secures data and mitigates cyber risk and data theft.
In sum, being compliant satisfies stakeholders of all kinds that require evidence of competent operations, management and performance, both today and in the future, and is consistent with their expectations.
The Steps to Structuring a Compliance Policy Document
Most compliance managers will stress the importance of the development and distribution of written policies and procedures within an organization. These documents aim to ensure compliance with all applicable laws and regulations. A good starting point is to establish a formalized process for policy development, including an agreed-upon form and format. Furthermore, it should include the process for the development and implementation of new and revised policy documents.
When beginning the process, it is crucial to understand that a policy statement conveys officially approved guiding principles and/or courses of action. The statement should be considered a general description of a course of action that serves as a guide for accepted strategies and objectives. The procedures lay out how a policy must be carried out, and they outline and define officially approved processes and standard practice instructions.
The next step is to develop a policy template. The template aims to prevent excluding any key elements when drafting a policy document. Furthermore, it makes the policy documents immediately recognizable to all users.
Having these documents in place is a good start, but then comes the more challenging part—ensuring that these policies are clearly stated, read and understood and that their message is conveyed throughout all layers, levels and divisions of an organization. Furthermore, the organization will want to articulate the message to its stakeholders so that they, too, are aware that the company is taking compliance seriously and abiding by its rules and standards.
How to Become and Remain Compliant
Many organizations are well on their way to being compliant while others have only done so from a high level or are in the process of structuring a firmwide compliance framework and forming its various committees and members. At any stage, it can be daunting to weed through the volumes of materials and guidebooks, as well as choose the appropriate compliance measuring and monitoring tools available. Furthermore, businesses may look to bring the entire compliance process in-house, while others look to outsource it to specialists, including consulting firms, accounting firms or specialty compliance software providers.
Compliance Tools and Templates Available on KnowledgeLeader
The following is a small subset of offerings pertaining to compliance on KnowledgeLeader:
- Facilitating SOX Compliance Using a Committee Structure Guide: This guide discusses the duties, composition, structure, and interrelationships of the disclosure committee that needs to be formed to facilitate Sarbanes-Oxley compliance.
- Sarbanes-Oxley Section 404 Comparison Guide: This guide presents a side-by-side comparison of U.S. Sarbanes-Oxley (SOX) Section 404, C-SOX (Bill 198) in Canada, and J-SOX in Japan.
- Quality Assurance Function Charter: This sample establishes guidelines and responsibilities for creating a quality assurance function charter.
Compliance Process Flows:
- HR Compliance Process Flow: This flowchart defines the steps an organization can take to implement an HR compliance process.
Compliance Methodologies and Models:
- Regulatory Compliance Capability Maturity Model (CMM): This capability maturity model can be used to measure the maturity of an organization’s regulatory compliance process and to assist its progress from the initial/ad-hoc stage toward the optimized state.
Compliance Checklists & Questionnaires:
- Health and Wellness Compliance Overview Questionnaire: This questionnaire covers the common initiatives, tax implications, legal issues, key risks, expected key controls and interview questions related to compliance procedures for health and wellness.
Compliance Audit Reports:
- Quarterly Compliance Assessment Audit Report: The purpose of this report is to document internal audit’s quarterly assessment of compliance policies and procedures and the validation of the operational effectiveness of key activities and controls within those policies and procedures.
Compliance Policies and Procedures:
- Anti-Bribery Compliance Program Policy: This sample outlines a set of policies and procedures to prevent violation of any national and international anti-bribery and anti-corruption laws and treaties.
- Driving Value Out of the Section 404 Compliance Process: In this issue of The Bulletin, we incorporate insights and lessons learned regarding finance processes and show how value can be derived from improving these processes while still meeting compliance standards.
As well as these above examples, KnowledgeLeader also offers compliance templates, compliance tools, booklets and articles focusing on many areas of compliance, from structuring and integration to monitoring, measuring and reporting.