Compliance Framework – Other components:
Attestations, Breach Registers, Culture
In a previous article we wrote about the Key Components of a Compliance Framework and the importance of the Obligations Register and the relevant rules. We also mentioned that, once the rules are understood, other processes must be put in place to ensure the rules are met and that assurance is provided to senior management and the board.
How can we achieve this assurance?
By implementing the following components in your compliance process:
- Attestations - Compliance questions can be created from key obligations and distributed to staff and executives for regular and periodic attestations that they are compliant with the relevant obligations or their underlying controls. (Refer to Fig 1).
The objective of these questions is twofold: firstly, to remind staff of their obligations and, secondly, to give comfort to Executive Management and the Board that staff are being (or at least trying to be) compliant with their obligations. Attestation reporting should aggregate responses by key risks and obligations and present the trend of compliance/non-compliance over time.
Taking this process one step further may involve providing evidence of compliance to support the attestation. This may be achieved by attaching a document or equivalent to the attestation response.