1 1 Baltzer Science Publishers ISO 19600: The development of a global standard on compliance management By Sylvie Bleker and Dick Hortensius* It has been a traditional complaint of the global compliance officer that regulatory expectations and standards of conduct are uncoordinated across borders, leading to conflicts of emphasis and inefficiencies in the implementation of global compliance programmes from one jurisdiction to another. Increasingly of concern has been also the requirement to verify and ensure that appropriate measures exist for ensuring compliant behaviour within major suppliers, distributors, and other agents deemed to be acting, even indirectly, on behalf of the firm. Whereas some regulators in certain industries have been quite explicit as to what constitutes an effective programme, others have been less articulate; and in many industries there is a clear lack of guidance on the subject at all. It could be that help is at hand, this time from the ISO (International Organisation for Standardization). 1 Even better, there is still time to influence its outcome. This article by Sylvie Bleker and Dick Hortensius provides background information on the reasons why this ISO standard was initiated, explains the content of the current draft standard and its relationship with other well known and widely accepted ISO standards and it significance for companies and governmental authorities. Background Nowadays compliance management receives a lot of attention in a wide variety of business sectors. In the financial sector the presence of an independent compliance officer is a well-known phenomenon, already in place for a number of years, comparable with the controller for financial matters. But also in the nonfinancial sector the Chief Compliance Officers are making their entrance, e.g. in building companies, the chemical * Sylvie Bleker is the chair and Dick Hortensius is the secretary of the Dutch standards committee on compliance management that actively contributes to the development of ISO Sylvie is also Program Director of the Postgraduate education on Compliance & Integrity Management, and Chief Compliance & Risk Officer at Ballast Nedam, whilst Dick is a senior-consultant at NEN Management systems, Netherlands. 1
2 2 As a consequence of both differences in approach and departmental objectives, management solutions applied to meet (compliance) requirements will differ; there is therefore a potential overlap of concerns, or a risk that matters might fall between two stools industry and in energy generation and distribution. All these sectors have to cope with complicated legislation and regulations for which compliance Origins of the ISO In 2012, Australia proposed to start the development of an ISO standard for compliance programs based on the national Australian standard AS This proposal was accepted by the members of ISO and a Project Committee (PC) was established to develop the standard. ISO/PC 271 Compliance Management is chaired by Martin Tolar, president of the Australasian Compliance Institute and the secretariat is provided by the Australian standards body SAI. After two meetings of this ISO Committee the Draft International Standard ISO Compliance management systems - Guidelines has been published for voting and comments by the members of ISO. is important with a view to safety and environmental risks but also with a view to business integrity (e.g. anti-corruption, terrorist financing or money laundering) and related thereto, business continuity and assurance of the continued delivery of vital services. Companies acknowledge that the basis for the effective achievement of any social responsibility objectives is a well organized and managed compliance with rules and applicable laws, as well as with the organisation s own ethical codes and corporate directives. Government authorities show an increasing interest in the compliance management of companies. This may assist them in setting priorities for inspection activities (e.g. less frequent visits to companies with sound compliance management systems) and in the way they carry out inspections (making use of information that emanates from the compliance management system). Broad approach to compliance management Compliance management is (much) more than just meeting the requirements of laws and regulations. Organisations have to deal with many different types
3 3 Debate amongst various politicians and legislators has increasingly focussed on ethical aspects of business conduct, meaning that directing the attitude of people and creating the right culture is more important of requirements from a variety of stakeholders (e.g. customers, sector organisations, etcetera), certificates and key standards and benchmarks that have been chosen on a voluntary basis and, last but not least their own company policies, rules and codes of business. In consequence, ethical business codes are taken more seriously nowadays as an indicator of good corporate governance and social responsibility. Management of all these different and mounting requirements is becoming more difficult, but also more important with a view to liabilities, public image and the license to operate. Often the responsibility for managing compliance with specific requirements is delegated to different persons and departments within the organisation. Technical requirements (customer specifications and technical regulations) are the responsibility of operational management; general laws and legislation are covered by legal or external affairs; and the internal rules and codes of conduct are the responsibility of the HRM department and Internal Control. As a consequence of both differences in approach and departmental objectives, management solutions applied to meet these requirements will differ; there is therefore a potential overlap of concerns, or a risk that matters might fall between two stools. Technical requirements are controlled with technical measures of which the integrity has to be maintained (maintenance, effective procedures and work instructions, competence of personnel). However, in the case of compliance with codes of conduct/ethics, debate amongst various politicians and legislators has increasingly focussed on ethical aspects of business conduct, meaning that directing the attitude of people and creating the right culture is more important. The proposed ISO standard will cover this broad scope of compliance management; an aspect where previous guidelines have perhaps been less attentive. A flexible guideline ISO is developed as a guideline for compliance management and not as a specification that provides requirements. This was the preference of the majority of the ISO members that approved of the project. There are already enough certifiable management system standards for specific disciplines, that include
4 4 Figure 1 Plug-in model for ISO management system standards About ISO ISO (International Organisation for Standardization) is a global network that identifies what International Standards are required by business, government and society, develops them in partnership with the sectors that will put them to use, adopts them by transparent procedures based on national input and delivers them to be implemented worldwide. ISO standards distil an international consensus from the broadest possible base of stakeholder groups. Expert input comes from those closest to the needs for the standards and also to the results of implementing them. In this way, although voluntary, ISO standards are widely respected and implemented by public and private sectors internationally. ISO a non-governmental organisation is a network of the national standards bodies of some 160* countries, one per country, from all regions of the world, including developed, developing and transitional economies. Each ISO member is the principal standards organisation in its country. For example: NEN is the ISO member for the Netherlands and BSI the member for the United Kingdom. The members propose the new standards, participate in their development and provide support in collaboration with ISO Central Secretariat for more than 3,000 technical groups that actually develop the standards. ISO members appoint national delegations to standards committees. In all, there are some 50,000 experts contributing directly to the work of the organisation each year, plus an estimated 300,000 who follow the work and provide input to national mirror committees. When their work is published as an ISO International Standard, it may be translated and adopted as a national standard by the ISO members.
5 5 Small and medium size companies should be able to evaluate and implement solutions appropriate to them, rather than be burdened to create such a management system which would lead to a considerable disadvantage compliance management as an important system element; e.g. ISO for environmental management or OHSAS for occupational health and safety management. ISO is intended to assist organisations in improving and broadening their existing approach to compliance management. Therefore it is helpful that ISO follows the so-called high level structure for ISO management system standards. Consequently, the guideline can be applied as a plug-in to adapt the overall management system of an organisation to manage compliance matters systematically as well (see figure 1). Another reason why it is of importance to create a guideline instead of a certifiable management system is the fact that small and medium size companies should be able to evaluate and implement solutions appropriate to them, rather than be burdened to create such a management system which would lead to a considerable disadvantage for these companies. These businesses should embrace compliance and set up such a management system that fits the needs and possibilities of the enterprise as such, and assist it in achieving the subjacent compliance goals. Risk based approach As stated above, compliance management goes beyond the mere satisfaction of legal requirements. Compliance is also related to meeting the needs and expectations of a wide range of stakeholders. Therefore making sound choices and the setting of priorities is an important part of compliance management. ISO follows a risk-based approach to compliance management that is aligned with ISO (the ISO standard for risk management). This approach is visualized in figure 2. By analyzing the context and environment in which an organisation operates, its compliance obligations are determined. This means that the organisation has to decide upon which requirements, needs and expectations of its stakeholders are to be considered as obligations for the organisation and that will therefore be complied with. Such decisions will be based on a risk assessment that asks: 2 Occupational Health & Safety Assessment Series.
6 6 Figure 2 Risk-based approach in ISO to compliance management according to ISO (numbers refer to clause number in ISO/DIS 19600) What is the risk (threat or opportunity) if I do (not) adopt a stakeholder s need as a compliance obligation? In case of legal requirements, the organisation has no choice: any socially responsible organisation has to comply with the law. However, on the basis of a risk assessment, priorities will be set to devote most management efforts and controls to those obligations with the largest compliance risks (expressed as the likelihood of occurrence and the impact of the consequences of noncompliance). Based on the assessment of the compliance risk, mitigating measures (risk controls) are designed and implemented as well as methods and procedures to monitor and evaluate compliance and the effectiveness of the implemented controls. This risk-based approach assists organisations to provide focus for their compliance management.
7 7 The standard devotes much attention to the roles and responsibilities of the governing body, top management, line management and employees of an organisation, as well as for the independence of the compliance officer In the box four key definitions from the draft ISO are included. These show that the scope of compliance management covers both legal and voluntary obligations. The compliance management system As stated, ISO follows the High level structure (HLS) for ISO management system standards. All the standard elements of a management system are adapted and supplemented for the subject of compliance (see the table overleaf). The standard devotes much attention to the roles and responsibilities of the governing body, top management, line management and employees of an organisation, as well as for the independence of the compliance officer (or more general: Key definitions in ISO/DIS C om p l i a nc e: meeting all the organisation s compliance obligations Note compliance is made sustained by embedding it in the culture of an organisation and in the behaviour and attitude of people working for it C om p l i a nc e obl igat ion: requirement that an organisation has to, or chooses to comply with Note Obligations may arise from mandatory requirements, such as applicable laws and regulations, or voluntary commitments such as organisational and industry standards and codes, contractual relationships, principles of good governance and community and ethical standards C om p l i a nc e r i sk: effect of uncertainty on compliance objectives Note Compliance risk can be characterized by the likelihood of occurrence and the consequences of noncompliance with the organisation s compliance obligations Noncom p l i a nc e: non-fulfillment of a compliance obligation Note Noncompliance can be a single or multiple event and may or may not be the result of a system failure
8 8 High Level Structure for ISO MSS Context of the organisation Guidance on compliance in ISO/DIS Analysis of the environment in which the organisation operates (context, issues, stakeholders and their requirements, needs and expectations) Scope of the compliance management system Identification of compliance obligations Assessment of the compliance risks Leadership Policy, commitment, leading by example Roles, responsibilities and authorities with respect to compliance for the board, top and line management, employees and an independent compliance officer Planning Planning of measures to control compliance risks Establishing compliance objectives Support Awareness, competence and training in compliance Behaviour and culture Communication and documentation Operation Implementation of controls for compliance (technical, procedural, directing the attitude and behaviour of personnel) Performance evaluation Monitoring of compliance, application of indicators Analysis of information and reporting of results (internal and external) Internal Audit and Management Review Improvement Actions on non-compliance with requirements and escalation to higher management levels when necessary Corrective action Improvement activities Table Correspondence of the HLS system elements with specific guidance the compliance function). The standard emphasizes that an exemplary role and commitment of management is essential to establish a culture where compliance is the standard and employees at all levels and in all circumstances (can) show the right attitude and behaviour. The standard further recognizes that compliance lies in the end the result of the behaviour and actions of people, hence so-called soft controls become an important part of any control measures. Monitoring of compliance and taking action on instances of non-compliance is described extensively, together with escalation expectations to appropriate management levels when necessitated by the seriousness of the instance of non-compliance. In figure 3, taken from ISO/DIS 19600, the relationship of the elements of compliance management according to the HLS is visualized.
9 9 Figure 3 relationship between the elements of compliance management according to ISO (numbers refer to clause number in ISO/DIS 19600) The significance of ISO Compliance management is an important, at times critical, issue. Good conduct is after all at the foundation of a company s license to operate. The growing number and complexity of (legal) requirements that have to be complied with demands a systematic and planned approach within an organisation. Government inspection and supervising bodies can benefit when organisations accept their responsibility with respect to the implementation of, and compliance with laws and regulations more seriously. By evaluating the maturity of compliance management in organisations where they have to enforce the law, supervisory authorities can usefully adapt the quantitative and
10 10 ISO is intended and designed to be used as the framework for a company wide compliance management programme with a good link to corporate policies and strategies qualitative approach to carrying out inspections and of maintaining oversight. By following guidelines that clarify what constitutes maturity, organisations can limit the disruption to business activities that normally accompany higher intensities of inspection visits. To support such approaches a generally accepted reference for good compliance management is an important tool. ISO will provide that reference. Integrated Compliance Management Compliance management is part of a range of other well-known management system standards, such as ISO and OHSAS In terms of structure and content, ISO is aligned with the next generation of these management system standards and is therefore very suitable to enhance the compliance component of environmental and occupational health and safety management. ISO also provides a good interpretation of the basic compliance related requirements that are part of the core requirements of the High Level Structure ( HLS ) (see figure 1). Therefore ISO is intended and designed to be used as the framework for a company wide compliance management programme with a good link to corporate policies and strategies, as well as with specific operational management activities of other risk disciplines. In the post financial crisis era, there has been an increasing emphasis of the vital role and importance of effective corporate Governance, Risk and Compliance management ( GRC ) as the essence for a successful and socially responsible business. For risk management the global reference is ISO 31000, for corporate governance, reference can be made to the ISO HLS and core requirements for management systems. In early 2015, ISO will complement these existing tools to become the reference document for compliance management. Together these ISO standards will provide the tools for managing an organisation in a responsible way. Transparent application of risk and compliance management standards as an integrated part of corporate governance offers a good means by which to counteract the increasing burden of rules and regulations, and to find a new balance between the exercise
11 11 In a world where social responsibility extends to the business practices of all associated partners and service providers, a standard defining accepted business compliance arrangements will have a significant impact and adherence by companies of their own (social) responsibilities on one hand, and the effective pursuit of oversight responsibilities of regulatory bodies and governments on the other. Next steps ISO member bodies are able to vote and provide comments on the Draft International Standard until 22 April During the next meeting of ISO/PC 271 in July 2014 in Vienna, the results of the voting and comments received will be reviewed, and the text of the next draft version prepared. Assuming that the vote will be positive, the next draft of ISO will be issued as a Final Draft International Standard for a final ballot amongst the ISO members. Then the standard may be published by ISO at the beginning of 2015 Comments on the ISO Standard Until the 21 st of April 2014 comments will be collected through the national standardization committees. It is of particular importance that the global compliance community is aware of the creation of the ISO standard/guideline, due to the influence the standard will have on companies assessing the compliance system of business partners in the future. Even at this late stage, compliance experts need to grasp the opportunity to ascertain that the ISO standard is not only theoretically correct, but also practically effective. Although the ISO compliance guideline will not lead to certification, companies may very well decide to use the standard to assess potential business partners, agencies, distributors and outsourcing contracts included, verifying that they measure up to the ISO guideline; alternatively B2B clients, suppliers, distributors and other business partners may use the standard to benchmark alignment and the maturity of compliance management at your organisation. Whichever what way in a world where social responsibility extends to the business practices of all associated partners and service providers, a standard defining accepted business compliance arrangements will have a significant impact. The ISO guideline on compliance management systems is intended for all kinds of companies and a wide diversity of business activities. The standard applies
12 12 to financial institutions as well as nonfinancial companies (industrial, services, etc.). For unregulated companies, the choice of a guideline over a standard is preferable, due to the fact that small and medium companies may not be able to set up quite as elaborate a system as larger companies might. As a result, the use of a standard would lead to quite a disadvantage for smaller businesses. The guideline offers smaller businesses insight in how to best be in control of the compliance requirements, but leaves them the possibility to set up a compliance system that is fit for purpose. A review and impact analysis of ISO on your organisation might seem a very timely act indeed. More information More information on this subject can be provided by Dick Hortensius, , Post Script The Draft International Standard ISO/ DIS is published for voting and comments with a deadline ending 21 April Persons that would like to provide feedback on ISO/DIS should contact the ISO member body in their country. 3 Some countries already have joined the ISO Project Committee on the ISO Compliance Management System, but they will also appreciate the extra input. 4 M Argentina, Australia, Austria, Canada, China, Denmark, France, Germany, Malaysia, Netherlands, Singapore, Spain and Switzerland.
Certified Once Accepted Everywhere The value of accredited certification Survey Report Published May 212 In 21/11, the IAF carried out a global survey to capture market feedback on the value of certification.
WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles
Aegon Global Compliance GLOBAL Charter COMPLIANCE CHARTER aegon.com The Hague, June 1, 2013 Information sheet Target audience: All employees and management of Aegon companies Issued by: Aegon N.V. Group
1. Introduction In achieving the objectives of transparency, accountability and effective performance for Notion VTec Berhad ( Notion or the Company ) and its subsidiaries ( the Group ), the enhancement
Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:
Basel Committee on Banking Supervision Consolidated KYC Risk Management October 2004 Table of contents Introduction...4 Global process for managing KYC risks...5 Risk management...5 Customer acceptance
APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company
IPAA PROFESSIONAL CAPABILITIES PROJECT Procurement Capability Standards Definition Professional Role Procurement is the process of acquiring goods and/or services. It can include: identifying a procurement
A Guide to Corporate Governance for QFC Authorised Firms January 2012 Disclaimer The goal of the Qatar Financial Centre Regulatory Authority ( Regulatory Authority ) in producing this document is to provide
Copyright in the material is owned by the State of New South Wales. Apart from any use as permitted under the Copyright Act 1968 and/or as explicitly permitted below, all other rights are reserved. You
National Occupational Standards Compliance NOTES ABOUT NATIONAL OCCUPATIONAL STANDARDS What are National Occupational Standards, and why should you use them? National Occupational Standards (NOS) are statements
HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM September 2011 OUR HEALTH, SAFETY AND ENVIRONMENT POLICY OUR PRINCIPLE OF DUE CARE We care about the wellbeing of our people and our impact on the environment.
University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system
Qualification details Title New Zealand Diploma in Organisational Risk and Compliance (Level 6) Version 1 Qualification type Diploma Level 6 Credits 120 NZSCED 080317 Quality Management DAS classification
GHTF/SG4/N28R4:2008 FINAL DOCUMENT Title: Guidelines for Regulatory Auditing of Quality Management Systems of Medical Device Manufacturers Authoring Group: GHTF Study Group 4 Endorsed by: The Global Harmonization
COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES DRAFT FOR CONSULTATION June 2015 38 Cavenagh Street DARWIN NT 0800 Postal Address GPO Box 915 DARWIN NT 0801 Email: firstname.lastname@example.org Website:
ISO/TMB/JTCG N 359 ISO/TMB/JTCG Joint technical Coordination Group on MSS (TAG 13) Email of secretary: Convenorship: N0359 JTCG FAQ to support Annex SL Document type: Other committee document Date of document:
Integrated Management Policy Document reference number Document developed by Quality and Patient Safety Directorate Revision number 4 Document approved by Quality and Patient Safety Directorate Approval
Standard Rio Tinto management system December 2014 Group Title: Rio Tinto management system Document No: HSEC-B-01 Standard Function: Health, Safety, Environment and Communities (HSEC) No. of pages: 23
Audit of the Policy on Internal Control Implementation Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada February 18, 2013 1 TABLE OF
Preparing yourself for ISO/IEC 27001 2013 2013 a Vintage Year for Security Prof. Edward (Ted) Humphreys (email@example.com) [Chair of the ISO/IEC and UK BSI Group responsible for the family of ISMS standards,
Achieve Performance objectives Performance objectives are benchmarks of effective performance that describe the types of work activities students and affiliates will be involved in as trainee accountants.
ENGINEERING COUNCIL Guidance on Risk for the Engineering Profession www.engc.org.uk/risk This guidance describes the role of professional engineers and technicians in dealing with risk, and their responsibilities
Department of Infrastructure and Planning: Governance Framework for Infrastructure Delivery Special Purpose Vehicles Governance Framework for Special Purpose Vehicles Table of Contents Executive Summary...3
Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective
Board of Directors Meeting 12/04/2010 Document approved Operational Risk Management Charter Table of contents A. INTRODUCTION...3 I. Background...3 II. Purpose and Scope...3 III. Definitions...3 B. GOVERNANCE...4
Avondale College Limited Enterprise Risk Management Framework 2014 2017 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it.
Statement of Procurement Conduct December 2014 Copyright of Western Power Any use of this material except in accordance with a written agreement with Western Power is prohibited. Introduction Western Power
3 Risk Management Framework Abstract Council s Risk Management Framework ( the Framework ) was adopted by Council in 2012. The Framework provides structure and guidance to Council s risk management activities
Risk Management Framework Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 TRIM CON: 12/1132 Administered by: Governance Coordinator Last Review Date: 2013 Next Review
APPLICATION of KING III CORPORATE GOVERNANCE PRINCIPLES 2013 Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have
august09 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper Preface Corporate governance - which refers broadly to the processes
Policy (Board Approved) Compliance and Regulatory Management Document Number GOV-POL-20 1.0 Policy Statement Stanwell Corporation Limited (Stanwell) is a Queensland company Government Owned corporation.
Management System Policy Version: 3.4 Issued Document Name: Owner: P079A - ISMS Security Policy Classification: Public Security Policies, Standards and Procedures emanate from the Policy which has been
30 January 2015 Mr John Trowbridge Chairman Life Insurance and Advice Working Group Email: firstname.lastname@example.org Dear Mr Trowbridge, Submission in response to the Life Insurance and Advice Working
Internal Audit Foundations Standards 1000, 1010, 1100, 1110, 1111, 1120, 1130, 1300, 1310, 1320, 1321, 1322, 2000, 2040 There is an Internal Audit Charter in place Internal Audit Charter is in place The
Appendix 14 CORPORATE GOVERNANCE CODE AND CORPORATE GOVERNANCE REPORT The Code This Code sets out the principles of good corporate governance, and two levels of recommendations: code provisions; and recommended
Bridgework: An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management @Copyright Cura Software. All rights reserved. No part of this document may be transmitted or copied without
Understanding Principles and Concepts of Quality, Safety and Environmental Management System Graham Caddies Owner / Principal Advance Profitplan Understanding Principles & Concepts Page 1 of 10 Revision
June 2012 The State of Queensland (Queensland Treasury) June 2012 Except where otherwise noted you are free to copy, communicate and adapt this work, as long as you attribute the authors. This document
Commonwealth Financial Accountability Review (CFAR) Paper Is Less More? Thank you for your correspondence on the CFAR paper Is Less More and for the opportunity to comment on the proposals contained therein.
Unclassified ENV/JM/MONO(99)24 ENV/JM/MONO(99)24 Or. Eng. Unclassified Organisation de Coopération et de Développement Economiques OLIS : 14-Sep-1999 Organisation for Economic Co-operation and Development
Version : 1.01 Date : 16 September 2009 IT Governance Network South Africa USA UK Switzerland www.itgovernance.co.za email@example.com 0825588732 IT Governance Network, Copyright 2009 Page 1 1 Terms
RMBC s Governance Framework for Significant Partnerships 1.0 Introduction 1.1 Corporate governance describes how organisations direct and control what they do. For a council, this includes how it relates
Organisation for Economic Co-operation and Development (OECD) Corporate Governance Committee 2, rue André Pascal 75775 Paris Cedex 16 France The Hague, 2 January 2015 Ref: B15.01 Subject: Eumedion response
Proposal for Conducting Seminar on Introduction to Social Compliance & Its Business Benefits Submitted to: Environment Agency, Abu Dhabi Table of Contents Summary..02 Seminar Objectives 02 Content Outline..02
Policy (Board Approved) Legal and Regulatory Compliance Policy Document Number GOV-POL-20 1.0 Policy Statement Stanwell is committed to and conducts its business activities lawfully and in a manner that
May 2015 Japan: landmark corporate governance reforms Japan has seen landmark reforms in corporate governance during 2014 and 2015. On 26 February 2014, Japan s Financial Services Agency (FSA) released
2014/CSOM/041 Agenda Item: 3 APEC General Elements of Effective Voluntary Corporate Compliance Programs Purpose: Consideration Submitted by: United States Concluding Senior Officials Meeting Beijing, China
Role Profile: Risk and Compliance Manager Location: Adelaide, South Australia. Reports to: Executive Director School Services. Qualifications: Relevant tertiary qualifications. Remuneration: Based on skills,
Joint Accreditation System of Australia and New Zealand Scheme (AMS Scheme) Requirements for bodies providing audit and certification of 13 April 2015 Authority to Issue Dr James Galloway Chief Executive
Table of contents Subject Page no. A: CHAPTERS Foreword 5 Section 1: Overview of the Handbook 6 Section 2: Quality Control and Quality Assurance 8 2. Quality, quality control and quality assurance 9 2.1
Association for Project Management Business Management System December 2012 2 Association for Project Management About APM Formed in 1972, the Association for Project Management (APM) is committed to developing
ISO 14001:2015: Key Changes Susan LK Briggs Convenor, ISO TC207/SC1/WG5 TC207 Workshop, 9/8/15 Topics for Discussion Background on ISO 14001 Revision Highlight of key changes in ISO 14001:2015 Top Management
National Research Council Canada Audit of Occupational Safety and Health (OSH) Internal Audit, NRC SEPTEMBER 2010 1.0 Executive Summary and Conclusion Background This report presents the findings of the
Audit of the Test of Design of Entity-Level Controls Canadian Grain Commission Audit & Evaluation Services Final Report March 2012 Canadian Grain Commission 0 Entity Level Controls 2011 Table of Contents
Government Owned Corporations Corporate Governance Guidelines for Government Owned Corporations Version 2.0 The State of Queensland (Queensland Treasury) The Queensland Government supports and encourages
ISO 9001 and the Supply Chain John DiMaria; CSSBB, HISP, MHISP, AMBCI Sr. Product Manager, Systems Certification - Americas Provide insight into understanding of Clause 4. Context of the Organization Discuss
ASTRAZENECA GLOBAL POLICY SAFETY, HEALTH AND ENVIRONMENT (SHE) THIS POLICY SETS OUT HOW WE WILL MEET OUR COMMITMENT TO OPERATING OUR BUSINESS IN A WAY THAT PROTECTS PERSONAL HEALTH, WELLBEING AND SAFETY
CQI Chartered Quality Institute Introduction Report published in September 2014 by: International Register of Certificated Auditors (IRCA), part of The Chartered Quality Institute (CQI), 2nd Floor North,
Division of Gaming Customer Due Diligence Guidelines for Interactive Gaming & Interactive Wagering Companies November 2005 Customer Due Diligence for Interactive Gaming & Interactive Wagering Companies
GOVERNMENT OF INDIA OFFICE OF THE DIRECTOR GENERAL OF CIVIL AVIATION TECHNICAL CENTRE, OPPOSITE SAFDARJUNG AIRPORT, NEW DELHI 11 0 003 CIVIL AVIATION REQUIREMENTS SERIES 'C' PART I 20 TH JULY 2010 EFFECTIVE:
EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in
ISSAI 100 The International Standards of Supreme Audit Institutions, or ISSAIs, are issued by INTOSAI, the International Organisation of Supreme Audit Institutions. For more information visit www.issai.org
Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many
14 December 2006 GUIDELINES ON OUTSOURCING CEBS presents its Guidelines on Outsourcing. The proposed guidelines are based on current practices and also take into account international, such as the Joint
INTERNATIONAL STANDARD ISO/IEC 38500 First edition 2008-06-01 Corporate governance of information technology Gouvernance des technologies de l'information par l'entreprise Reference number ISO/IEC 38500:2008(E)
Governance, Risk and Compliance Charter Charter Owner Director GRC Charter Approver Board of Management Effective date November 15 th, 2013 Date of issue Version Name Title 15 Nov 2013 1.0 Fokko Kool Group
Quality Assurance Policy P7 Table of Content Quality assurance... 3 IIA Australia quality assurance and professional standards... 3 Quality assurance and professional qualifications... 4 Quality assurance
Appendix 3 (normative) High level structure, identical core text, common terms and core definitions NOTE In the Identical text proposals, XXX = an MSS discipline specific qualifier (e.g. energy, road traffic
Standard 1 Governance for Safety and Quality in Health Service Organisations Safety and Quality Improvement Guide 1 1 1October 1 2012 ISBN: Print: 978-1-921983-27-6 Electronic: 978-1-921983-28-3 Suggested
Positioning the internal audit function within the Solvency II framework Key challenges Jérôme Sosnowski Director Governance, Risk & Compliance Deloitte Luxembourg Ludovic Bardon Senior Manager Audit Deloitte
Victorian Government Risk Management Framework March 2015 This document reproduces parts of the AS/NZS ISO 31000:2099 Risk Management Principles and Guidelines. Permission has been granted by SAI Global