Compliance management in an organization is a system of actions based on implemented regulations (policies, procedures, guidelines).

Effective and actual implementation of such a system must be based on an analysis of the entity's needs, structure, scope of activities, experience and a number of other factors. It is not enough to develop "skeleton" documents, publish them, and then expect them to work by themselves.

Implementing compliance in three steps
 

Our practice is based on the assumption that the implementation of an effective and comprehensive compliance system requires three steps.

1. First of all, we need to know the regulated entity, its structure, needs and risks related to its activities.
2. After the risk assessment, documents can be prepared to form the basis for building an ethical work environment.
3. Finally, after drafting them, it is necessary to implement the resulting principles into the organizational structure and familiarize the staff with the new regulations. Training and completing internal practices (including job descriptions, business or technology processes) is a necessary part of ensuring the effectiveness of your compliance management system. 

If any of these steps is omitted – audit – work on documents – implementation – the system will not function properly, providing a false sense of security to the company's management. 

You will find more in the second article in the series "Compliance in the company" about the compliance management system by Łukasz Kuczkowski and Ewelina Rutkowska entitled "How to prepare and implement a compliance management system". 

See also:
the first article in the series "Compliance in the company" – "What does compliance look like in 2020 in Poland?".