Implementing a new compliance initiative is one of the biggest challenges companies and compliance officers face. Many times, employees see new compliance initiatives as a response to something that went wrong. However, in reality, most new compliance initiatives are the result of changing laws, regulations, company contracts and meeting best practices. If you plan to launch a new compliance initiative in 2016, here are some key tips to help ensure it takes root.
Think of your auditing firm like you would a long-term business partner. They are someone you will work with year after year, and they will be an integral part of setting the stage for your organization’s success. As such, the act of selecting the appropriate assessor shouldn’t be taken lightly. Here are several key qualities your organization should look for when choosing an auditing firm:
Effective compliance and risk management goes far beyond a set of policies. To be effective, a company’s compliance and risk management program must be embedded in its culture. All too often, companies see compliance as a separate activity that does not need to be integrated into the day-to-day business operations. All employees should share responsibility, and an intelligent risk framework should be created that brings compliance out in the open — letting employees know the importance of compliance while allowing them to communicate. But that’s often easier said than done.
Technology advancements move at a blistering pace and the integration of new development languages, frameworks, databases and the like is also quickening. Some new technologies become the foundation for new companies. These new companies need to be continually vigilant in knowing their offerings are secure and they need to be able to demonstrate a level of security to their customers. In addition to frequently being required to meet compliance requirements, these organizations are using security to differentiate their offerings or expand into new verticals. Our clients frequently develop a solution for a particular industry and then find other verticals that may benefit from something similar. During times of expansion, we often get asked about the best methods to establish trust with a new customer base. While different approaches may work better for certain industries, below are three ways an organization can consider when attempting to establish trust with a potential customer.
Effective January 1, 2002, the Institute of Internal Auditors (IIA) released updated standards in the International Professional Practices Framework (IPPF). Internal auditing departments, according to Standard 1312 of the IPPF, must complete an external assessment once every five years from a qualified independent assessor or assessment team. In addition, the chief audit executive (CAE) must discuss the form and frequency of external assessments and the qualifications and independence of the external assessor or assessment team with the board of directors. Standards (unlike practice advisories, practice guides and position papers) are principal focused mandatory requirements consisting of statements for the professional practice of internal auditing and for evaluating the effectiveness of performance which are applicable at the organizational and individual levels.
Source - Workforce Management Channel Today’s business environment is compliance heavy, under continuous scrutiny and intertwined with customer and legislative requirements. However, companies must still ensure compliance with the myriad of standards, requirements, laws, and regulations, such as SSAE 16 Examination (SOC 1), SOC 2/3 Examination, ISO Certification, FedRAMP Assessment, and hundreds more, across all areas of governance and programs.