Cross-industrial and independent from the size of a company, compliance is a very important and at the same time a very sensitive topic. In the last years, non-compliance with laws and regulations, e.g. fraud and corruption, resulted for many companies of different sectors in high penalties and a damage of the reputation. Therefore the responsibility for topics connected with compliant behavior is assigned to the highest management level of a company. The design and implementation of a Compliance Management System has the target to assure compliant behavior regarding laws and company-internal regulations, to stop and if needed to punish non-compliant behavior. The compliance topic is strictly connected with the laws and regulations of the relevant country. Therefore mainly the German version of this news contains more details regarding compliance.
Another important instrument to cover risks within a company is the Internal Control System (ICS). Especially the Sarbanes-Oxley-Act of 2002 in the US and new regulations and laws in Europe had a huge influence on companies around the world to establish an Internal Control System based on specific rules. In most cases the ICS is based on the world-wide accepted COSO framework. In this context main aspects are compliance, operational risks and risks regarding financial controlling. The controls are divided in controls and principles on management level, e.g. the task to establish internal regulations, and on the other hand on the operational level. On operational level controls are defined for significant divisions based on a risk catalogue. One important area is the information technology with all its automated controls. Best practice controls are described in a standardized format and contain especially information about the control activity, actions to be taken when an error is detected based on the control and the evidence that the control was executed. In this way the control activity is clearly defined. In an effective process and control system, also the key processes are documented, so that the controls can be assigned to the equivalent process step. Thus there are two ways to define controls that complement each other: based on the risk catalogue and based on the key processes. In this way it is also quite clear that an effective and efficient internal control system and process management system reduces the costs to establish the system and increases the benefit, assumed that the risk catalogue fits well to the company.
There might be some (slight) differences regarding the design and implementation of an Internal Control System in different countries, but main patterns and targets are the same.
There are a lot of more details and aspects regarding the three topics compliance, Internal Control System and process efficiency. An effective and efficient design and implementation of a Compliance Management System, of an Internal Control System and of processes and the equivalent documentation has a lot of big advantages to improve the performance of a company and to cover risks. But there is no hundred per cent security against any kind of criminal activities. In the end the responsible persons, employees and managers and the values of a society decide about the success of these instruments.
What are your experiences regarding these topics? Are you currently working on these topics? Do you need any support or do you want to discuss any of the issues raised in greater detail? Please send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. This email address is being protected from spambots. You need JavaScript enabled to view it. .