The Ingredients for a Successful Risk and Compliance Management System

By Beven Schwaiger, CEO, integrum Management Systems
Posted: 16th February 2018 09:00

At integrum we are fortunate to work with many types of companies and industries across the globe, from global Fortune 500 companies and government departments to small, nimble enterprises. We assist them to implement best-of-breed risk and compliance management systems (GRC, QHSE, Sustainability, etc.) and work with their teams on how to better manage and track their business operations, reduce risks and ensure compliance.
We believe there are four key ingredients for a successful risk and compliance system, namely:
a) Closed loop action system;
b) Accountability;
c) Transparency, and
d) Real time reporting and analysis.
Most organisations have methods to identify and rate their major risks (albeit most likely using spreadsheets) and to identify controls that should be applied. However, this is only part of the solution. The major challenge is how to implement controls, assign responsibility, and ensure controls are in place and are effective. This is where the vast majority of organisations struggle and the use of spreadsheets fails.
Closed Loop Action System
It is important to ensure there is a closed loop system for assigning ownership for risks and control actions (also referred to as risk treatments) with visibility and accountability. One alarming trend we see is that organisations deploy a task (or action) management process for their staff with no closed loop system in place, or assign no fixed due date for completion.
Not only is it inefficient, it fails to provide that element of accountability and transparency needed to ensure allocated tasks or actions are completed or, more importantly, completed on time.
Worse still, in areas of business risk and compliance this creates a ‘smoking gun’ environment, one where foreseeable risks are identified, actions are assigned, but without a closed loop system to ensure timely closure of actions, if they remain open and incomplete, AND if that foreseeable risk occurs… smoking gun! In other words, the business has identified a risk, set a plan to mitigate or limit the risk but failed to ensure the plan was effected, or was effective. In legal terms it's called failure or lack of due diligence. In business terms it's called a failure to have in place a management system.
By using electronic management system software the best companies (large and small) we work with are those who emphasise a closed loop action system… for everything. Accountable and transparent, assigned responsibility and performance measured on completing actions on time and in full.
If your team members are accountable at every level of your management system, from the top down, or more importantly from the bottom up, then you have a continuous line of management responsibility/accountability. This is extremely important because if you are accountable for delivering results, or even simply accountable to close off actions or tasks on time, then it flows up the chain, and in effect you have created a closed loop system.
Think about your own management systems within your business – is there accountability at every level – to deliver the agreed objectives, targets or even simply, to close actions or tasks on time? The same principles apply to risk and compliance management systems.
The next ingredient is just as important and is inter-related to accountability. Transparency within your system, at every level, will create an openness to share and disclose information which in turn drives home the responsibility and as a result the accountability of your team’s actions and performance.
This is where electronic management systems should come into their own. If they have been well implemented, they should provide both accountability and transparency.
When we move organisations from their legacy paper-based systems to the integrum software system, it throws up the challenge for some corporations to have to apply a different mindset (or corporate culture, if you will) on how they operate as a business. Systems within business should be transparent and people should be accountable within their own job functions and as part of the management system collectively. This can be a challenge for some organisations. Of course you can control access to information and limit who can see what in integrum (e.g. line management etc.), but the best systems are those that create the ingredients of accountability and transparency.
Real Time Reporting
A good management system software should provide real time visibility of your management systems, the key performance indicators, the team, their performance, and offer transparency amongst their peers and management. In fact it becomes accountability by transparency and it promotes the right culture for continuous improvement.
So it is important to have real time reporting and dashboards – not waiting for monthly reporting by spreadsheet, otherwise you are operating blind.
Why not have real time reporting on risk and control actions completed, actions overdue, number of controls managed, number of defects closed, number of complaints resolved, inspections done, documents approved, risks rated, etc – the list is endless.
In other words, in real time, how is the business actually performing?
But it needs top down direction and implementation of simple systems to ensure actions are assigned, dates for completion are met and can be tracked in real time. Not waiting for a monthly spreadsheet update on how your team members are managing their risks, controls and actions.

About integrum

For over 21 years integrum has assisted corporations worldwide to integrate their management systems for Risk & Compliance, QHSE, and Corporate Governance.
integrum is used in operations globally with over 1,000,000 licensed users in over 200 countries and is rapidly becoming the global benchmark in integrated management systems software.
As a comprehensive Governance Risk & Compliance Management system in the one application, integrum incorporates risk management, incident and investigation management, and closed-loop action workflows, audit, training & eLearning management, supplier & contractor management, & controlled document management.
It also contains a powerful Business Intelligence system for dashboard and analytics reporting and supports mobile users with apps and offline functionality.

About the Speaker

Beven Schwaiger, CEO and founder of integrum.
Beven is a Risk & Compliance Specialist with over 30 years of experience as a lawyer and management consultant specialising in due diligence and compliance systems for Risk & Compliance, Quality, Health Safety Environment management systems.
Beven has assisted global organisations in implementing integrated risk and compliance management systems in accordance with international standards, working in Asia Pacific, Europe, Middle East & Americas.
Beven has been at the forefront of software technology development in the area of integrated management systems for the last 21 years.
