Module Application
- Does your organisation have legal and regulatory obligations to comply with?
- Is your organisation required to comply with ISO 37301:2021 Compliance management systems?
- Does your organisation wish to be accredited against ISO 37301:2021 Compliance management systems?
Module Scope
The RISK AND COMPLIANCE module provides information to organisations and entry level compliance officers on good governance, how to implement an effective compliance management system and robust internal systems of control and reporting to:
- Monitor the organisation’s performance
- Develop strategic directions that enhance the organisation’s value
- Make decisions in the best interests of the organisation
- Fully discharge the organisation’s duty of care and diligence
The RISK AND COMPLIANCE module comprehensively covers the requirements of ISO 37301:2021 Compliance management systems (the standard), including:
- Determining the scope and context of the compliance management system (CMS)
- Demonstrating leadership and commitment to the CMS
- Planning for the CMS
- Training and supporting personnel
- Operational planning and effective controls
- Evaluating the CMS
- Investigating and rectifying non-compliance
Organisations, their employees and authorised individuals are all expected to be familiar with the broad landscape of legal and regulatory obligations to which they are subject as well as more specific obligations relevant to the particular sector in which they are operating. The RISK AND COMPLIANCE module should be subscribed to by every organisation with a compliance function. The aim of the module is to equip the subscriber with knowledge of their requirements under the standard and the relevant systems and processes that should be implemented to ensure an effective compliance management system.
The specific questions and answers covered by the module are:
- How to determine the scope of an organisation’s compliance management system in light of its business model, management structure and the cultural, social and environmental contexts in which it operates
- How top management can demonstrate a commitment to a compliance culture
- How to identify, document and communicate the organisation’s compliance objectives throughout the organisation
- How to develop an effective compliance policy, and how breaches should be reported
- How to implement an effective risk management framework to address compliance objectives
- Reviewing and auditing the compliance management system
- Investigating and reporting compliance breaches
- How to strive for continuous improvement of the compliance management system
The RISK AND COMPLIANCE module covers all of an organisation’s obligations under the standard and demonstrates practical assistance and guidance to ensure that these obligations are complied with through the implementation and maintenance of best practice processes throughout the organisation.
There are no specific penalties for failure to comply with the standard, as compliance is voluntary. However, businesses that operate in regulated industries may be required to have ISO certification (which certifies that an organisation meets the standard) to operate, or a specific client may require ISO certification. Without ISO certification, the organisation may have difficulties getting into the market. This could mean lost opportunities and significant financial losses, and may affect relevant interested parties. Non-compliance may also result in reputational damage and loss of licence to operate.
The RISK AND COMPLIANCE module covers the role and responsibilities of an organisation. It does not cover the role or actions to be taken by consumers in the event of a breach of regulations or obligations by an organisation.