November 1, 2022

CS Professional: Secretarial Audit, Compliance Management and Due Diligence [Ch-1 Compliance Framework]

  1. Compliance with laws and regulations is an integral part of corporate strategy. So, establishing a compliance management system (CMS) that works alongside the risk management system (RMS) reduces compliance risk.
  2. Senior management participates in reviewing the effectiveness of the CMS so that it remains updated and relevant to the regulatory regime.
  3. A CMS includes a compliance programme, compliance reporting and compliance audit.
    • Compliance programme = policies and procedures
    • Compliance audit = independent testing of the compliance level
  4. Corporate CM involves brief research, analysis, investigation and evaluation to determine potential issues and gauge past and future performance, with the CS playing a core role.
  5. Corporate CM depends on the various factors affecting the business and should be designed accordingly.

CORPORATE COMPLIANCE MANAGEMENT

  1. Compliance Chart
    • Mentions the applicable laws and explains how compliance risk mitigation activities are embedded in business processes.
    • Helps the business meet its compliance obligations towards customers, regulators, shareholders and employees, because it centralizes compliance information on a single chart.
    • Reflects key activities and a compliance calendar to manage compliance risks.
  2. Compliance Advisory
    • Advice on compliance matters
  3. Compliance Scorecard
    • To analyse the organisation's position on compliance
  4. Compliance Dashboard
    • Single enterprise-wide dashboard for all users to track and trend compliance events
    • Easily viewable and interactive
    • Auditors and officers can make decisions based on compliance status
  5. Compliance Policy/Procedures
    • Conformity with ever-changing rules and regulations is a critical requirement
    • Requires a well-designed document management system
    • Driven by collaborative tools for the creation, review, approval and release of policy documents and Standard Operating Procedures (SOPs), which provide the core document management functionality.
  6. Compliance Rules and Regulations
    • Continuously stay in sync with regulatory changes
    • Various departments are notified proactively (e.g., through emails) so that policies and procedures can be changed where critical, ensuring adherence to new rules and regulations.
    • Tracking a few regulations manually may be feasible, but tracking state-wide, nation-wide or world-wide regulations manually is error prone
  7. Compliance Audit
    • Facilitated through a real-time system
    • Not merely an annual activity
    • Appropriate evidence of internal audits becomes critical in defending compliance.
  8. Quality Management
    • Quality initiatives tied to industry mandates like Six Sigma or ISO 9000
    • Part of a well-designed CMS
    • Compliance and quality are two sides of the same coin
  9. Compliance Training
    • Evidence of employee training ensures complete knowledge of requirements and procedures and avoids hefty penalties.
  10. Compliance Task Management
    • Plan to manage and report the status of all activities
    • Automated updates by the respective modules, visible to the concerned authorities

 COMPLIANCE CHART PREPARATION 

  • Prepared after considering the operations/structure of the company, as it is specific to each company.
  • The CS prepares it after considering:
    • Applicable laws/rules/regulations:
      1. As per the concerned business model, along with the respective environmental, health and safety aspects and data security requirements.
      2. Periodical review of compliance requirements against regulatory updates.
      3. Kept up to date to reflect compliance obligations and associated risks.
      4. Prerequisites and restrictions to be reflected.
      5. In case of conflict between internal/external or between self-imposed/legal obligations, the more stringent one prevails.
    • Risk assessment:
      1. Management has ultimate accountability for risk control.
      2. Done according to changes in the business profile, i.e., as soon as a new change occurs.
      3. Risks categorized into Critical, High, Medium or Low
        • HIGH LEVEL RISK ASSESSMENT
        • DETAILED RISK ASSESSMENT
      4. Assessment reports discussed and signed off according to the risk management procedures.
      5. Combination of desk assessments/interviews/workshops, aligned with risk management standards.
    • Compliance risk mitigation:
      1. Developing and implementing rules to prevent/minimize risks
      2. Local policies to be implemented and communicated in ways accessible to all employees.
      3. RISKS OF NON-COMPLIANCE
        • cessation of business activities
        • civil action by authorities
        • punitive actions such as fines
        • imprisonment
        • public embarrassment
        • reputational damage
        • attachment of bank accounts
    • Compliance monitoring - ownership/allocation:
      1. Function-wise/individual-wise
      2. Clear primary/secondary ownership
        • PRIMARY - responsible for compliance
        • SECONDARY - primary's supervisor; supervises compliance
      3. Under the various levels of management
        • TOP - understanding obligations/changes; approvals; motivation and incentive
        • LEGAL - reforming; communication to the respective owner/executor; review/assessment; resolutions/clarity
        • SR. MGMT/FUNCTION HEADS - analysis/research; formation; guidance; tracking
        • OFFICERS/SUBORDINATE STAFF - performing obligations; updating performance into the chart; identifying and intimating risks and conflicts
    • Compliance reporting:
      1. For apt corrective action by the person responsible
      2. E.g., automated escalation emails in case of non-compliance; pop-ups for due dates.
      3. A brief process as adopted by a company:
        • Reporting by functional heads according to ownership: collecting/classifying relevant information and consolidating it in a report.
        • The report shall affirm that the information is based on inputs received from the various units/departments and mention all compliances/non-compliances as circulated.
        • Each report is forwarded to the CS/MD.
        • Upon suitable inputs from the CS, the MD consolidates and presents a comprehensive compliance report to the BoD for information/advice and noting.
      4. Allows assessment of whether compliance risks exceed the company's risk appetite, and their discussion and communication.
      5. PERIODICAL COMPLIANCE MANAGEMENT INFORMATION SYSTEM (MIS) - at least quarterly; reports to be discussed at risk management committee meetings.
      6. CYCLICAL/INCIDENTAL REPORTING
  • The CS, as compliance manager, is supposed to create a compliance framework for translating regulatory requirements into management actions.
  • CONTENT
    1. detailed compliance procedure according to applicable laws, regulations, industry standards and compliance policies;
    2. concise statements containing obligations and related risks;
    3. inherent and managed risk levels of obligations;
    4. business processes/people linked to the compliance obligations;
    5. specified compliance risk mitigation activities, complete with compliance risk monitoring/tracking;
    6. reporting authorities (to whom and how);
    7. clear hierarchy outlined;
    8. practical and concise on the roles and responsibilities of management/Compliance Officer.

COMPLIANCE RISK-REVIEW/UPDATION

  • Testing whether the risk mitigation activities work
  • Documented, reviewed and updated annually, or earlier if necessary
  • The compliance risk monitoring plan must include:
    • concise statements capturing the relevant obligations and risks
    • business processes
    • specific compliance risk mitigation activities
    • first line tracking (routine), second line (health check), third line assurance (independent review)
    • brief description of performance
    • tracking frequency
    • report recipients

FOLLOWING ADOPTED FOR ASSESSING THE COMPLIANCE MECHANISM:
  1. Risk/cultural assessment
    • employee surveys
    • interviews
    • document reviews
    • ethics and compliance validation
  2. Program design/update - review of guideline documents
  3. Policies and procedures
  4. Communication, training and implementation
  5. On-going self-assessment, monitoring and reporting

TRAINING AND IMPLEMENTATION

  • To create awareness and make employees privy to the requirements of:
    • the company framework
    • roles and responsibilities outlined in policies
    • critical and high compliance obligations in the compliance chart
    • the process for addressing compliance issues/reporting concerns
    • the consequences of failure to meet obligations
  • Meetings, training, communication, manuals containing compliance details
  • Annual plan developed and updated as required, indicating target audience and delivery method.
  • Plans must include:
    • concise statements capturing the relevant obligations and risks
    • business processes
    • brief description
    • target audience
    • frequency of activities

COMPLIANCE AUDIT

  1. Planned, performed and reported separately, on a regular basis.
  2. As per CAG auditing standards: an independent assessment of compliance with the applicable authorities identified as criteria.
  3. Concerned with:
    • REGULARITY - adherence to formal criteria
    • PROPRIETY - observance of the general principles governing sound financial management and public officials' ethical conduct.
  4. SIGNIFICANCE OF CORPORATE COMPLIANCE MANAGEMENT
    • foundation for the control environment
    • avoiding monetary penalties/imprisonment
    • healthy returns through reduced employer/customer liability and public respect, translating into stronger market cap
    • safety valve
    • cost saving
    • better brand image/goodwill
    • enhanced credibility/creditworthiness
    • recognition as a good corporate citizen

TYPES OF COMPLIANCE

  • APPARENT COMPLIANCE
    1. Disguised non-compliance, such as generating documents for improbable events.
    2. Inadmissible.
  • ADEQUATE COMPLIANCE
    1. Compliance in letter without entering into the spirit.
    2. E.g., box-ticking practices.
  • ABSOLUTE COMPLIANCE
    1. In line with the spirit as well as the intent of the law.
    2. Such as demonstrating shareholders' democracy as reflected in law.
    3. To be striven for:
      • gains public confidence
      • enhanced investor relations
      • increased brand value

ROLE OF CS IN COMPLIANCE MANAGEMENT