ISO 19600:2014 Compliance Management Systems

By Jack Kruf.

Compliance is on the rise. More and more organisations focus on being compliant, not only for its own sake, but also for reasons of karma, transparency, branding, image, security and accountability, and more. It is also to be reported to elected councils, citizens and shareholders. ISO defined this 19600 standard and published it on the 15th of December 2014.

It has evolved since then and has migrated from the machine room and financial departments of the organisation towards the C-suite – in the public sector also to the governing councils of mayor and aldermen, and to CEOs, city managers and management teams – as a first-class strategic aspect of quality in governance and management.

PRIMO underlines that for the public sector the process of compliance is one of the six major processes to focus on in good public governance and in managing risks within the related organisation as well as in the public domain (i.e. society and the natural environment as a whole). But it is also difficult and challenging to fulfil promises and deliver quality, because municipalities, for example, have 300 products and services to deliver to their citizens and companies, and in the meantime have a massive collection of rules and regulations to comply with, with a network of an average of 30 products and services crossing the desks of every employee. Not to speak of the interactions needed with the public domain, where for a city of, let us say, 100.000 inhabitants, an average of 1250 different organisations are active within society. All with their stakes, focuses and interests.

A dynamic field to manage, and really challenging to be fully compliant. We know that we have to reduce this and keep it as simple or lean as possible. Not so easy. And most of the time impossible. And then there is this quiet ISO document which gives guidance for those working in high dynamics. Practice and theory are always seeking to connect in real time.

ISO states in its introduction:

“Organizations that aim to be successful in the long term need to maintain a culture of integrity and compliance, and to consider the needs and expectations of stakeholders. Integrity and compliance are therefore not only the basis, but also an opportunity, for a successful and sustainable organization.

Compliance is an outcome of an organization meeting its obligations, and is made sustainable by embedding it in the culture of the organization and in the behaviour and attitude of people working for it. While maintaining its independence, it is preferable if compliance management is integrated with the organization’s financial, risk, quality, environmental and health and safety management processes and its operational requirements and procedures.

An effective, organization-wide compliance management system enables an organization to demonstrate its commitment to compliance with relevant laws, including legislative requirements, industry codes and organizational standards, as well as standards of good corporate governance, best practices, ethics and community expectations.

An organization’s approach to compliance is ideally shaped by the leadership applying core values and generally accepted corporate governance, ethical and community standards. Embedding compliance in the behaviour of the people working for an organization depends above all on leadership at all levels and clear values of an organization, as well as an acknowledgement and implementation of measures to promote compliant behaviour. If this is not the case at all levels of an organization, there is a risk of noncompliance.

In a number of jurisdictions, the courts have considered an organization’s commitment to compliance through its compliance management system when determining the appropriate penalty to be imposed for contraventions of relevant laws. Therefore, regulatory and judicial bodies can also benefit from this International Standard as a benchmark.

Organizations are increasingly convinced that by applying binding values and appropriate compliance management, they can safeguard their integrity and avoid or minimize noncompliance with the law. Integrity and effective compliance are therefore key elements of good, diligent management. Compliance also contributes to the socially responsible behaviour of organizations.

This International Standard does not specify requirements, but provides guidance on compliance management systems and recommended practices. The guidance in this International Standard is intended to be adaptable, and the use of this guidance can differ depending on the size and level of maturity of an organization’s compliance management system and on the context, nature and complexity of the organization’s activities, including its compliance policy and objectives.”