For many of us the term compliance brings up the image of grey-suited former Anglo Irish Bank executives trooping in and out of the courts. That is hardly surprising given the dramatic impact of the failure of our banking system on the economy.
But today the importance of compliance goes far beyond banking and financial services to be relevant to every part of business life.
Managing organisational risk is a challenge today for all sectors and industries and if not undertaken properly can cause fundamental damage. This means that the management of compliance must be a key strategic capability and not a functional box ticking exercise.
Look at the global storm last year when Fonterra, the New Zealand dairy producer, was the subject of major unwanted attention when botulism causing bacteria was found during tests of whey products used in infant formula and sport drinks. The finding triggered a worldwide recall of its products, the imposition of a temporary ban on the import of its products into the vital Chinese market and serious damage to its brand.
At a more local level, think of the headline news triggered by the recent announcement by the American Food and Drug Administration (FDA) that a GSK plant in Cork’s response to an FDA finding “lacked sufficient corrective actions”. This was a global story because of the threat by the FDA to withhold approval for any new GSK products and the fact that they sent the letter to Sir Andrew Whitty, the global CEO of GSK. Not surprisingly GSK responded vigorously by recalling the relevant drugs and working with the Irish Medicines Board to investigate and rectify the problem.
The demands of regulation and events such as happened to Fonterra and GSK mean that most organisations are much more aware of the need to improve their compliance capability. Most PLC boards today have a risk committee whose responsibility is to ensure oversight of an organisation’s regulatory obligations and that the appropriate processes and procedures are in place to assess and mitigate the organisation’s exposure.
However, while a board can oversee a compliance strategy, it is only effective management practice that ensures that an organisation can make it effective.organisations are much more aware of the need to improve their compliance capability. Most PLC boards today have a risk committee whose responsibility is to ensure oversight of an organisation’s regulatory obligations and that the appropriate processes and procedures are in place to assess and mitigate the organisation’s exposure.
This means that risk management begins with management.
Managers must have:
- an understanding of their organisational context
- an ability to assess and mitigate risk in their areas of responsibility
- and an understanding that it is their behaviours and those of their colleagues that ensure that compliance can really be effective.
IMI we have developed a specialised Diploma in the Management of Compliance which is designed to help both organisations and individual managers to meet this very important challenge.
Click here for more information on the IMI Diploma in the Management of Compliance.
Dr. Jonathan Westrup is the Programme Director of the IMI Diploma in Strategy and Innovation and of the IMI Diploma in Regulatory Management. His expertise is in the areas of business, organisational and regulatory strategy and corporate governance.