Organisations are being scrutinised ever more closely. Communities have become more suspicious of their activities than they used to be. The Regulatory, Tax, Environmental, Labour, MSME, and other governmental lenses through which they are scrutinised have become sharper with time. Apart from governments, smartphone-wielding citizens have started recording and posting pictures and videos on social media channels about all kinds of matters – effluent discharges, harsh communication by employees, etc. The entire business models of certain start-ups are built around providing space for employees and other stakeholders to post their “reviews”, essentially their gripes, about specific organisations. Also, the operations of many organisations have become mammoth, increasing apprehensions of accidents.

Protecting and building business reputation has become a far tougher practice, fraught with unknown risks – issues often arise out of the blue and within hours take organisations into damaging storms.

Establishing Compliance

There are, typically, multiple compliance-driving functions in modern organisations. The Accounting and the Legal functions are perhaps the oldest and the most ubiquitous of them. In organisations containing manufacturing operations, one typically comes across Quality and ‘EHS’ (Environment, Health and Safety) functions. In the past decade or so, two new norms have arisen, one thanks to greater shareholder activism and the other due to increasing dependence on IT systems – Enterprise Risk Management, and Business Continuity Planning. Each of these functions has a global intellectual foundation, typically anchored in a published and periodically updated international standard (apart from Accounting and Legal, these standards are typically published by the ISO).

For a given function, compliance translates into designing processes that conform to the various standards, keeping relevant staff knowledgeable about them, maintaining adequate documentation, and being responsive to the queries and information requests of auditors. Based on auditor comments, functions are expected to take preventive and corrective actions, some of which may be expensive, entailing installation of capital equipment. In short, not only should functions stay compliant, they should also maintain adequate evidence that they have been compliant all along.

In the case of a known breach of any of the standards, the standards typically expect the organisation to declare the breach unbidden and to cite the measures being taken to prevent further or repeat breaches.

While speaking with employees of a function, it becomes fairly obvious how all these standards are being managed among them – we sometimes find employees knowledgeable about the requirements and sometimes find them not so conscious of them. Sometimes, employees ask us to direct queries regarding standards, compliances and audits to the department manager. There is no correct or best way to go about staying compliant – so long as one stays compliant.


