Is your risk and compliance management adequate?

Being responsible or accountable for organizing compliance with legal, policy and contractual obligations is central to the business compliance function. The findings from the risk and compliance studies feed into the foundation of corporate compliance. The aim of (IT) risk management is to adequately respond to vulnerabilities in the administrative and technical organization that threaten business continuity. The purpose of the corporate compliance function is to enable management to be accountable based on baselines that include the requirements of its own policies, contractual and legal obligations.

The accountability forms a starting point for improving the organization of business activities.

Under pressure from new legislation and related supervision by competent supervisors, the supervisory or compliance burden is increasing. Chain partners are also increasingly requiring demonstrable compliance with the law and agreements. Companies of any size are used to compliance pressures. This pressure is new for small businesses. They often experience this as oppressive.

An overview of our services

If management perceives compliance efforts as a burden or a cost, the (corporate) compliance function develops with difficulty. If management recognizes that the function can contribute to business continuity, added value is created.

Check out our risk management and compliance services below.

Baseline measurement on your (corporate) compliance function

During a baseline assessment, we check the following points:

  • What is the status of the (corporate) compliance function?
  • Does risk and compliance management align with the business activities, and what are the bottlenecks and areas for improvement?
  • How can risk and compliance management be organized more effectively, and what does that yield?

Managing (company-specific) baselines

Company management uses a range of related generally accepted and company-specific baselines and specifications. New and further interpretation of legislative, policy and contractual obligations as well as improving management measures give rise to regular updates of baselines. Management’s responsibility includes both the “static” baselines and the compliance process.

IT Risk Management in the Cloud

Companies are increasingly using cloud services. Rightly so, because the cloud offers many benefits to businesses. Direct responsibilities shift to the provider, but the company retains ultimate responsibility and therefore faces risks in the extended chain. Regardless of the cloud service layer chosen, the company always remains responsible for assigning authorizations, managing its data and controlling the devices on its network.

IT Compliance in the Cloud

The cloud offers good opportunities for performing compliance work: whether various standards frameworks are met can be determined automatically. The compliance officer provides guidance and support in this regard.

Internal control

Periodically, a company determines the effective operation of established management and security measures in systems that support business processes and through which business activities are organized. In compliance work, baselines help the employee or professional estimate the maturity level of control. The control measures can be organized “by design” in systems or implemented by employees.

Contract management and compliance

The continuous determination of compliance with contractual obligations, and of sufficient use of the associated rights, can be seen as a special form of compliance. In the contract life cycle, this is called contract management. Given the leading role of our professionals in organizing an effective corporate legal function, we pay special attention to this.

Risk and compliance management training program

Applying risk and compliance management requires the attention of company leadership, department management and employees. Most employees will ask why risk and compliance management is necessary and what the added value is for the company, the department and the employee. Awareness and training programs are needed to convey the knowledge about compliance before employees can properly apply it in their daily work.

Risk and compliance support on demand

We support companies with knowledge bases, webinars, and training so that a company is able to self-organize the corporate compliance function. If help is still needed, for example due to lack of capacity, a company can call on one of our compliance professionals.

Drawing up a suitable business case

Organizing the corporate compliance function can only be successful if there is sufficient value added to the company, department and employees. Each step requires a business case with revenue and cost streams.

Frequently Asked Questions

What is the (corporate) compliance function?

There is no unambiguous definition of compliance. In the financial sector, the role of compliance officer has been elaborated and the purpose of compliance is to establish compliance with laws and regulations.

We see more and more new (European) legislation with compliance arrangements. The subjects, usually the companies and the management, are responsible for organising compliance with legal and contractual obligations. They must account for the (degree of) compliance. This places the supervisory burden on the subjects.

As this legislation is pushed through with compliance arrangements, companies – regardless of size and type – will need a practical, integrated and effective approach to compliance.

We apply such a compliance approach at companies. A company that takes responsibility – and disseminates accountability – for the realisation of its own mission and vision or its policy gains the trust of its partners (customers, employees and suppliers). It enhances its reputation.

Is the use of MYOBI Trust Network and applications necessary for organizing a comprehensive compliance approach?

No, an integrated compliance approach can also be organized in a traditional way. We do recommend using the trust network to organize effective risk and compliance management, because the basis for an effective compliance operation is reliable company and personal data.

What are baselines? Do they include a standards framework and functional and non-functional specifications for an IT system?

We describe a baseline as an overview of management objectives that a company wishes to maintain or achieve. This lists the measures (for each maturity level) that allow a company to measure whether the objective has been met and make adjustments if necessary.

The baselines are based on general standards frameworks such as ISO and NEN (good practices) and legal frameworks such as the GDPR. Baselines can be made company specific by supplementing them with company objectives and contractual rights and obligations. A baseline can also be drawn up specifically for a business activity, for example a baseline with functional and non-functional specifications for the purchase of an application in the cloud or the purchase of an IT system.

What is the difference between the terms “administrative organization and internal control,” “compliance” and “internal control”?

We recognize no difference:

  • Chartered accountants, charged with the audit of the financial statements, use the term ‘administrative organization and internal control’. Legislators and regulators use the term “compliance (with law)” for being responsible for organising compliance with legal and contractual obligations.
  • Operationally, as part of the effective organisation of business activities with business processes that include control measures, company employees often talk about internal control.

Is contract management also a form of compliance?

We can regard contract management as a special form of compliance. A company makes agreements with its partner about providing a service against payment. The parties wish that the obligations are met on both sides as agreed. In terms of compliance, a baseline can be agreed upon by partners to which everyone adheres.

Why the distinction between corporate compliance function, and risk and compliance management?

Businesses are moving their IT needs to the cloud. The companies often use the cloud services of Microsoft, Amazon and/or Google (it is a pity that there are no European providers in this list). Companies appoint IT agencies to manage their cloud tenant (rented IT environment) and then spend too little time on (IT) risk and compliance management, which endangers business continuity and the promised added value.

The policy-based agreement and organizational investment of the corporate compliance function is a necessary precondition for success. We find the practical implementation in the organization in risk and compliance management, whereby the cloud suppliers make effective IT tools available.

Risk management focuses on recognizing vulnerabilities that impact business risks, and on identifying and implementing effective management and security measures by which the company ensures its business continuity. Compliance management focuses on determining compliance with policy, legal and contractual obligations.

Do you have any questions or would you like to make an appointment?

Do you have questions about organizing, implementing or expanding your compliance operations? Don’t hesitate to contact us!