Having a standard process for managing compliance requirements improves the effectiveness and reliability of the organization’s governance system, reduces the total workload, and creates greater opportunity for system integration.

Each compliance requirement should be assigned to a manager with accountability for these tasks:

  1. Understand the requirement. This means not only familiarity with the original statement of the requirement, but also awareness of foreshadowed changes.
  2. Interpret the requirement. Determine what the requirement actually means for the organization: what does it have to do, that it otherwise might not do, and what must it not do, that it otherwise might do?
  3. Monitor the affected activities. Identify the procedures that include steps and controls relevant to the requirement. Be aware of changes to those procedures, and the introduction of new procedures, to ensure continued compliance.
  4. Provide training and awareness. Most requirements entail some level of awareness on the part of employees.
  5. Detect and respond to non-compliance.
  6. Manage external compliance tasks. Some requirements call for third-party audits or external reports and filings.
  7. Internal report: be able to report to management and Board on the state of the organization’s compliance with the requirement.