, , ,

THE INGREDIENTS FOR A SUCCESSFUL RISK AND COMPLIANCE MANAGEMENT SYSTEM

At integrum we are fortunate to work with many companies and industries across the globe, from Fortune 500 global companies to government departments to small, nimble enterprises.

We assist them to implement best of breed risk and compliance management systems (GRC, QHSE, Sustainability etc) and work with their teams on how to better manage and track their business operations, reduce risks and ensure compliance.

We believe there are four key ingredients for a successful risk and compliance system namely:

  1.  Closed loop system;
  2.  Accountability
  3.  Transparency, and
  4.  Real time reporting and analysis.

Most organisations have methods to identify and rate their major risks, (albeit most likely using spreadsheets) and to identify controls that should be applied. However, this is only part of the solution. The major challenge is how to implement controls, assign responsibility, ensure controls are in place and monitor for effectiveness. This is where the vast majority of organisations struggle and the use of spreadsheets fail.

Closed Loop System

It is important to ensure there is a closed loop system for assigning ownership for risks and control actions (also referred to as risk treatments) with visibility and accountability.  One alarming trend we see is that organisations deploy a task (or action) management process for their staff with no closed loop system in place. Or no fixed due date for completion.

Not only is it inefficient, it fails to provide that element of accountability and transparency needed to ensure allocated tasks or actions are completed or more importantly completed on time.

Worse still, in areas of business risk and compliance this creates a ‘smoking gun’ environment, one where foreseeable risks are identified, actions are assigned, but without a closed loop system to ensure timely closure of actions, if they remain open and incomplete, AND if that foreseeable risk occurs….smoking gun! In other words, the business has identified a risk, set a plan to mitigate or limit the risk but failed to ensure the plan was executed, or was effective. In legal terms it’s called failure or lack of due diligence. In business terms it’s is called a failure to have in place a management system.

By using electronic management system software the best companies (large and small) we work with are those who emphasise a closed loop system …for everything. Accountable and transparent, assigned responsibility and performance measured on completing actions ON TIME AND IN FULL.

 

Accountability

If your team members are accountable at every level of your management system, from the top down, or more importantly from the bottom up, then you have a continuous line of management responsibility / accountability. This is extremely important because if you are accountable for delivering results, or even simply accountable to close off actions or tasks on time, then it flows up the chain, and in effect you have created a closed loop system.

Think about your own management systems within your business – is there accountability at every level – to deliver the agreed objectives, targets or even simply, to close actions or tasks on time? The same principles apply to risk and compliance management systems.

Transparency

The next ingredient is just as important and is inter-related to Accountability. Transparency within your system, at every level, will create an openness to share and disclose information which in turn drives home the responsibility and as a result the accountability of your team’s actions and performance.

This is where electronic management systems should come into their own. If they have been well implemented, they should provide both accountability and transparency.

When we move organisations from their legacy paper based systems to the integrum software system, it throws up the challenge for some corporations to have to apply a different mindset, (or corporate culture if you will), on how they operate as a business.  Systems within business should be transparent and people should be accountable within their own job functions and as part of the management system collectively. This can be a challenge for some organisations. Of course you can control access to information and limit who can see what in integrum, (eg line management etc) but the best systems are those that create the ingredients of accountability and transparency.

Real Time Reporting

A good management system software should provide real time visibility of your management systems, the key performance indicators, the team, their performance, and offer transparency amongst their peers and management. In fact it becomes accountability by transparency and it promotes the right culture for continuous improvement.

So it is important to have real time reporting and dashboards – not waiting for monthly reporting by spreadsheet otherwise you are operating blind.

Why not have real time reporting on risk and control actions completed, actions overdue, number of controls managed, number of defects closed, number of complaints resolved, inspections done, documents approved, risks rated, etc – the list is endless.

In other words, in real time, how the business is actually performing?

But it needs top down direction and implementation of simple systems to ensure actions are assigned, dates for completion are met and can be tracked in real time. Not waiting for a monthly spreadsheet update on how your team members are managing their risks, controls and actions.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *