Management
Marzia Dulal
Asst. Prof.
Dept. of TEM
Marzia Dulal 1
What does the term 'compliance' describe?
• External Compliance
• External Compliance refers to following the rules, laws and standards set by governmental authorities to avoid any negative impact on the goodwill of the organization. These laws are made to help an organisation build public relations and trust and bring transparency to the business it does. Complying with all the laws avoids any unnecessary duplication of effort and resources. Some of the broad heads can be categorized as follows:
• Internal Compliance:
• Internal compliance refers to an internally designed set of rules and regulations which the owners, employees, traders and customers follow to maintain the quality of the services or products provided by the organisation. An organisation will comply with external requirements only when it is working in line with its internal rules and regulations. Some of the broad heads can be categorized as below:
Example
Why is compliance important?
• Reduced legal charges:
• No business wants to suffer the consequences of not complying with the various laws and legislations. Complying with those laws decreases the risk of fines, penalties, lawsuits or even shutdown of the business. There are many regulations covering how employees should be managed, how products should be manufactured, how buying and selling should be done, how the business should contribute to society, etc. Obeying them all is a great challenge, but if achieved, the reward is reduced fines or penalties and greater market share.
• Competitive advantage to the businesses:
A business which follows all the rules and regulations and also has strict internal policies has a competitive advantage over those businesses which have not complied with the requirements in a timely manner. Government authorities, stakeholders, employees and customers are attracted to businesses which strictly follow compliance and prevent any kind of improper or unethical behaviour.
• Better public relations:
The success of a business depends a lot on its public image. When an organisation starts facing court cases or government interventions, the market or customers start losing trust in it, and this leads to a negative financial impact. Compliance ensures that a company maintains its public relations and holds a positive image.
What duty, objective and responsibility does a Compliance Officer fulfill?
What are the five key functions of a Compliance Department?
Compliance management
The Difference Between Compliance and Risk Management
• Policies
Policies are written documents, authored by senior management, that specify the responsibilities and required behaviour of every individual in an organization. In general, policies are short and do not specify technical aspects such as operating systems and vendors. If the organization is large, policies may be divided into sub-policies.
• Standards
Standards are a lower-level description of how the organization will enforce a policy. In other words, they are used to maintain a minimum level of effective cyber security. They are also mandatory.
• Procedures
Procedures are detailed documents that describe every step required for a specific task, such as creating a new user or resetting a password. Every step is mandatory. These procedures must align with the organization's policies.
• Rules can be described as the guidelines or instructions for doing something correctly. These are the principles that govern the conduct or behaviour of a person in an organization or country. On the other hand, regulations refer to the directives or statutes enforced by law in a particular country.
Comparison Chart
Basis for comparison: Meaning
Rules: The rules are the set of instructions which tell us the way things are to be done.
Regulations: Regulations are the rules which are authorised by the legislation.
• Law implies a system of rules, recognized by a country, to regulate the actions of its citizens. On the other hand, an Act is that segment of legislation that deals with specific circumstances and people. Many use the two legal terms interchangeably, but there is a notable difference between an act and a law, as the former is a subset of the latter.
Example: Order Entry System
• Business Rule:
A Customer must have an Email Address.
• Business Requirement:
Capability to enter an email address for a customer.
This can easily be implemented by providing a GUI to enter an email address.
There are various examples of Compliance:
The compliance management life cycle with phases, products, and actors.
Compliance Management Strategies
• The term compliance, in its literal meaning, is the 'ability of an object to yield elastically when a (preferably external) force is applied'. In other words, given the presence of an external force, the object has to respond flexibly without repelling the force being applied.
• Compliance management includes the legal and tactical activities in day-to-day business processes.
• "an act or process to ensure that business operations, processes, and practices are in accordance with prescriptive (often legal) documents"
• It is clear that the term compliance connects two distinct domains: the legal domain and the business process domain.
• Essentially, the legal domain (that is, the regulatory domain) is prescriptive in nature; it prescribes conditions that detail which actions can be considered legitimate, and which actions must be refrained from while executing a business process.
• In contrast, the business process domain is more descriptive, detailing how business processes are executed to carry out business objectives.
• Compliance aims to gain more understanding of how enterprises should operate in a more sustainable way, so that they continue providing their services without violating the applicable regulations that can significantly affect their business operations.
Enterprises initiate compliance related activities due to a number of factors that affect enterprise processes:
(i) imposition of external rules and regulations,
(ii) the decision to adhere to and define their own internal policies, and
(iii) management of the regulatory processes within the enterprise to fulfill social requirements.
However, the identification of the relevant regulations may cause frustration when regulations are ambiguous and require a great deal of effort to be understood.
Thus, enterprises pay less attention to compliance, even when regulatory bodies put pressure on them to comply with stringent regulations and recommend severe penalties, or even criminal prosecution, for non-compliance.
To avoid these problems with the regulatory bodies, enterprises are putting more effort into compliance related activities, and employ a number of compliance reporting strategies, namely design-time, run-time and auditing.
• Design-time (otherwise, pre-execution time) is a preventive compliance management strategy where business processes are assessed for any non-compliant patterns at the very early stages of process design. In this approach, the compliance requirements are captured through a logic-based requirements modelling framework and propagated into the business processes. Any non-compliant issues can be detected at the very early stages, thus saving an enterprise's effort, time and financial resources.
• Run-time (otherwise, execution-time) compliance checking is a strategy by which enterprises use specialised software products or manual checks that produce compliance reports while the processes are being executed.
• Auditing (otherwise, post-execution) is a strategy by which specialised compliance consultants manually analyse the logs generated by the processes to detect possible violations. The main drawback of this strategy is its reliance on manual checks, which require a great deal of time and resources and thus make it a costly venture.
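The order-entry business rule from the earlier slide ("a Customer must have an Email Address") checked under each of the three strategies just described, as an added Python example that is not part of these slides; the process step names, the event format and the sample log are constructed assumptions, and the run-time and audit checks are automated here rather than the manual checks the slide mentions.

```python
"""One business rule, three compliance-checking strategies.

Rule (from the order-entry example): a Customer must have an Email Address.
Step names, event layout and sample data below are constructed for this example.
"""
import re

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def has_valid_email(customer: dict) -> bool:
    """The rule itself, checked the same way whatever GUI or import path created the record."""
    return bool(EMAIL_RE.match(customer.get("email") or ""))


# 1. Design-time: assess the process model before anything runs. The model is an
#    ordered list of step names; the email must be captured before the customer exists.
def check_design(process_steps: list[str]) -> list[str]:
    issues = []
    if "capture_email" not in process_steps:
        issues.append("no step captures the customer's email address")
    elif ("create_customer" in process_steps
          and process_steps.index("capture_email") > process_steps.index("create_customer")):
        issues.append("email captured only after create_customer")
    return issues


# 2. Run-time: evaluate the rule on each event while the process executes, so a
#    non-compliant step can be rejected (or reported) before it takes effect.
def check_runtime(event: dict) -> bool:
    if event["type"] == "create_customer":
        return has_valid_email(event["customer"])
    return True  # other event types are not governed by this rule


# 3. Auditing: after execution, scan the log the process produced for violations.
def audit_log(log: list[dict]) -> list[str]:
    return [e["id"] for e in log
            if e["type"] == "create_customer" and not has_valid_email(e["customer"])]


# Constructed sample event log (not from the lecture).
SAMPLE_LOG = [
    {"id": "evt-1", "type": "create_customer", "customer": {"name": "A", "email": "a@example.com"}},
    {"id": "evt-2", "type": "create_customer", "customer": {"name": "B", "email": ""}},
    {"id": "evt-3", "type": "create_order", "customer_id": "B"},
    {"id": "evt-4", "type": "create_customer", "customer": {"name": "C"}},
]

if __name__ == "__main__":
    print(check_design(["create_customer", "capture_email", "create_order"]))
    print([check_runtime(e) for e in SAMPLE_LOG])
    print(audit_log(SAMPLE_LOG))
```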