Are You Ready for the ISO Standard on Compliance Management?

 The new ISO standard 19600 should get your attention. Its the impetus, or motivating factor, that is as compelling to companies on the fence about whether they are interested in investing in a company-wide GRC initiative as Sarbanes Oxley was for publicly traded companies (listed on US stock exchanges) in 2003. Yet this is an international standard. Why should we, as a small company even care? The reason is that companies that want to leverage your company's products or services may require that you comply or else they may find another supplier or trading partner. One that will comply with ISO 19600. There are many other reasons that relate to building strategic shareholder value, but let's hear what ISO has to say on this topic...

The following text has appeared on the ISO website:

Compliance has become one of the biggest challenges facing businesses today. Failing to have the right controls and culture in place could mean forking out millions in fines. So how can businesses get it right? Look no further than the newly published ISO 19600:2014 for guidelines on compliance management systems.

With new laws and regulations announced almost every week, and the steep cost of non-compliance, ISO 19600 could be just the solution that large and small organizations are looking for. Simply put, compliance refers to a company obeying applicable laws, relevant industry standards and internal policies (e.g. codes of conduct) it has decided to implement because they impact upon its business, its staff and its treatment of consumers. Basically, the foremost goal of compliance is to make sure that companies fulfil their responsibilities and effectively manage the risk of doing harm to their reputations.

Developed by ISO project committee ISO/PC 271, Compliance management systems, the new ISO 19600 gives comprehensive guidance with helpful and easy-to-follow examples for users wanting to implement a compliance management system or benchmark their framework against a standard.

Many businesses, however, question the need for compliance and its associated costs. But there is a catch, and not bothering to have the right controls in place could result in hefty fines as well as reputational damage. So what’s a company to do?  According to Martin Tolar, Chair of ISO/PC 271, the new standard could greatly assist the continual improvement of compliance frameworks. “ISO 19600:2014 is expected to serve as a global benchmark for compliance officers, businesses, commentators, academics – and regulators and the courts of course. And thanks to the standard’s customizable guidance, all organizations can benefit.”

 

If you're interested in getting educated on how best to go about deploying a GRC program initiative, contact us and we can help. We're working on a multi-segment introduction to GRC courseware series and we're looking for sponsors and potential sites to beta test the content at.