Statement-Based vs Evidence-Based Compliance
February 26, 2019
Over the past 12 months, the need for robust risk and compliance policy, procedure and management has become evident from the Royal Commission into the financial services industry. The Commission has highlighted that a business culture into which risk management is embedded is not just important but is now essential to the protection and long term security of organisations. The landscape has changed, and with it the level of scrutiny from multiple stakeholders that organisations can expect to be subject to.
Through the various Commissions, a number of high profile business managers have stated that the culture of their respective organisations is not up to standard in that they have no structure in place to make staff members accountable rather than simply being responsible.
“The main difference between responsibility and accountability is that responsibility can be shared while accountability cannot. Being accountable not only means being responsible for something but also ultimately being answerable for your actions.”
Businesses will need to adjust toward a culture of accountability, and they need to do so rapidly. In doing so, many will need to adjust their business-wide thinking around risk and compliance. No longer will business leaders be able to state that they are responsible and expect to be taken at their word, or simply attest that risk and compliance is working effectively. The Royal Commission outcomes have determined that leaders are accountable and therefore now answerable when issues arise.
At clrHorizon, we believe this will drive a shift in businesses' risk and compliance policy away from what we call a ‘Statement-based’ approach toward an ‘Evidence-based’ approach.
The traditional statement-based approach uses a collection of responses, attestations and statements from business leaders that obligations are being met, risks are being mitigated and controls are in place and working effectively. This relies heavily on trust across the organisation and is prone to human error or simple lack of attention.
The evidence-based approach uses assurance activities, control reports and obligation controls that prove or demonstrate that obligations are being met, risks are being mitigated and controls are working effectively. In other words, there is a clear framework in place which relies on robust evidential data being gathered and monitored, rather than human hearsay.
As businesses shift their risk and compliance frameworks, they will need to consider consolidating their associated systems and activities to make management more streamlined and to take an organisation-wide, holistic approach to that management.
This will require businesses to move away from individual solutions, which can vary by department and have no centralised controls, to a platform-based enterprise solution that can accommodate and unify multiple requirements, including multiple business units and tiers within organisations. The aim will be to support multiple compliance, legal and risk management processes on one platform that can adapt to rapidly changing business and regulatory requirements. A platform approach, integrated fully across an organisation, facilitates collaboration and information sharing at all levels and between various stakeholders.
Recognising the importance of human involvement in effective compliance, legal and risk activities, a platform should provide a user-friendly and compelling solution that enables accountable staff to manage their day-to-day risk and compliance activities and also provides the necessary information to senior management, boards, regulators and external parties. This accountable, evidence-based approach will support the continued well-being of the organisation and stand up to rigorous scrutiny.
The clrHorizon Solution
The primary objective of the clrHorizon platform is to automate much of the work associated with managing and reporting on compliance, legal and risk activities. The primary users of the platform are business-aligned and centralised risk and compliance staff, internal and external auditors, management, leaders and board members. clrHorizon is built on Salesforce.com, which provides a leading, user-friendly and compelling solution that enables accountable staff to manage their day-to-day activities and their risk and compliance frameworks.