Article

Risk Silos Part 3: Compliance Silos

21/09/23

In the first and second articles in this series, we introduced the concept of risk silos and what you can do about them, and then discussed an integrated approach to risk management. In this article, we take a closer look at compliance silos.

Are there compliance silos in your organisation?

When you think about compliance management in your organisation, do any of the following apply?

  • Individual business units have their own systems and processes, including training and record keeping for managing their compliance requirements.
  • Some areas of operation have well-developed compliance activities while other aspects of the business lack awareness of, and fail to have any structure for, managing compliance requirements in their operations, identifying non-compliance and implementing corrective actions.

If you have answered yes to any of the above, then it is possible that you, like many other organisations, have compliance silos in your organisation.

What is compliance?

It is important to understand that compliance is an organisational requirement, essential to good organisational governance, and one that calls for board-level understanding of compliance activities across the whole organisation.

The Compliance Management Standard ISO 37301:2021 (Compliance Standard) defines compliance as “an ongoing process and the outcome of an organisation meeting its obligations”.

The Compliance Standard also defines compliance obligations as “requirements that an organisation mandatorily has to comply with, as well as those the organisation voluntarily chooses to comply with”. This definition matters because compliance encompasses not just frontline legal compliance but also the broader compliance requirements arising from partnerships, contracts and industry standards.

There are several benefits to be gained when compliance is managed effectively. These include, as covered in the Compliance Standard:

  • improving business opportunities and sustainability
  • protecting and enhancing reputation and credibility
  • ensuring that the expectations of others are considered
  • demonstrating a commitment to managing compliance risks effectively
  • increasing confidence of third parties in the organisation
  • minimising risks of contravention and costs and damage caused by non-compliance.

What exactly is a compliance silo?

Like a risk silo, a compliance silo means that compliance activities and tasks are done in isolation (autonomously) rather than in an integrated way. Compliance silos can happen within any type and at any level of an organisation.

What types of factors lead to compliance silos developing?

As organisations grow, so does the risk that compliance silos will develop. For example, the more business units and locations that are created, the more likely it is that localised compliance activities will take place with information failing to flow to other areas and levels in the organisation. Additionally, without a centralised approach, organisations are forced to rely on the competence of individual managers in managing compliance activities and in giving sufficient priority to ensuring compliance and dealing effectively with any non-compliance.

The development of compliance silos can also be exacerbated by the following factors:

  • if a culture of compliance is not visible and is not led or influenced by top management
  • if there is no coordinated system, software or process for identifying compliance requirements across the entire organisation
  • if there are no technology solutions for compliance that enable organisation-wide visibility of compliance activities
  • if compliance activities are focused purely on the frontline, with frontline managers taking responsibility for compliance without leadership oversight or leadership visibility of compliance activity
  • if there are distinct and specific compliance requirements related to one aspect of the business (e.g. chemical use and health and safety).

What can you do to help break down compliance silos?

A useful way of breaking down compliance silos is to approach compliance management in an integrated way. Some simple steps to get you started are:

  1. Identify compliance requirements across the organisation. This step is essential to begin managing compliance related risks. To start, look at the compliance obligations that arise from your business operations, as well as any legal and regulatory compliance requirements in each operational area. You should also include any non-mandatory compliance requirements that arise from contracts and partnerships with key stakeholders.
  2. Develop a centralised system and processes to manage compliance requirements, so that there is a consistent approach to where information is available, how records are kept, and the types of implementation steps required (training, reporting, etc.). This may include a register of obligations recording the source of each obligation, the area of the business it applies to, who is responsible for keeping that information up to date, and when the source was last reviewed to confirm the obligation is still current.
  3. Provide training to managers across the organisation, so that they are familiar with the compliance management systems and processes required to be followed, where information is available, what records they should keep, and how to report any new obligations or compliance breaches along the way.

Conclusion

Compliance silos can easily occur, especially as organisations experience growth in teams and locations. If you start to recognise compliance silos developing in your organisation, consider some of the steps that you can take to bring compliance management back to an integrated approach.

About the Author

Jonathan Oliver

Jonathan Oliver has been a lawyer in NSW since 1986 and worked in private practice (initially in general practice, and later as a specialist family lawyer) and then in community legal centres. More recently he spent 10 years as a business manager at an independent school in Sydney. He has been with Ideagen CompliSpace since 2016 and is the principal consultant in governance risk and compliance (GRC). He assists schools, commercial and financial services clients and the not-for-profit sector in all areas of risk and compliance, governance and policy management. He frequently presents to governing bodies and executive teams on GRC issues including facilitating workshops and strategic planning activities. He has presented at many education law webinars on risk and compliance and related topics.
