GRC Corporate Compliance Solutions



In today’s scenario, compliance with statutory, contractual or any other requirements has become one of the major risks for business. Compliance is becoming more and more demanding because senior management is held responsible for any nonconformity, even though conformity depends on the response of their team.

The E&Y Business Risk Report 2010 listed “Regulation and compliance” as the biggest risk. Compliance has remained one of the most prominent risks since 2008. Clause 49 of the SEBI Listing Agreement in India, and similar laws in other countries, place responsibility on Directors, CEOs and CFOs for adherence to statutory compliance. This requires a great deal of follow-up and takes away a lot of productive time and energy.

A typical mid-size company in India needs to comply with approximately 300 statutory compliances; considering recurrence, the number jumps to over 2000 per year. If an organization misses one such compliance, this can lead to a fine, penalty or imprisonment and, most importantly, damage its reputation.

GRC has developed an IT tool called “Corporate Compliance Controller”, which automates the administration and management of compliance processes to ensure the organization is adhering to the latest regulatory requirements. It provides clear, real-time visibility into the organization’s compliance activities and transforms an administrative headache into a valuable area for cost savings and business improvement, while minimizing risk. The software is highly customizable and easy to use.

It takes a one-time effort to upload compliances through an Excel sheet, and then the software takes over. It reminds the responsible person, escalates, reminds the supervisor about non-compliance and corrective action, and keeps a systematic record. It generates color-coded, one-click reports on screen. Senior management feels in 100% control when in front of the graphical dashboard reports. The system leads to transparency and a sense of ownership among employees.

This leads to employee satisfaction and increased ownership in the company, whereas senior management keeps track of the company's compliance performance and takes preventive and corrective actions on time.

Process

Identification of Activities (Controls) relating to Compliance

The compliance requirements relating to Regulations, Financial, OSHA, Insurance, ISO, and Policy & Procedures need to be listed by the person responsible for compliance in the organization.

Activity Listing

The checklist needs to be compiled with the following information:

  • Company / Division / Ministry
  • Location / Plant
  • Department / Section / Team
  • Activity
  • Category (user defined, e.g. Statutory Compliance, External Reporting, Internal Reporting within the company, Internal Reporting within the group, Contractual Compliance etc.)
  • Relevant - Act / Contract / Project
  • Reference – Section / Regulations / Schedules / Vendor / Customer / Third Party
  • Form No. / Reference No of Clause (If applicable)
  • Person Responsible
    • Primary
    • Secondary
  • Reporting
    • To
    • CC
  • Recurrence
    • Daily, Weekly, Fortnightly, Monthly, Quarterly, Six Monthly, Yearly, Onetime
    • Start Date - Day, Month, Year
    • End Date - Day, Month, Year
  • Alerts
    • No of Alerts
    • 1st Alert (No of Days before Event)
    • 2nd Alert (No of Days before Event)
  • Need to upload documentary proof (File Upload) (Y/N)
  • Clause 49 Requirement (Y/N)
  • SOX Requirement (Y/N)
  • Status (Active / Inactive)
  • Remarks

 

  • The above checklist will be converted into the Activity master. It will store all the activities that need to be complied with in the company.
  • In case of a first-time or mass upload, the compliance matrix from the Excel template can be uploaded directly into the system.
  • Otherwise, users have the option to create / change an activity as and when required.
  • Any addition or change in the Activity master is controlled with authorization and needs approval.

Risk Assessment

Each activity needs to be evaluated on two parameters:

  • Criticality
    • How critical is complying with the activity for running the business?
    • The criticality has to be stated in levels 1 to 3, with 1 being low and 3 being the highest.
  • Impact
    • Impact states how much non-compliance with the activity will affect the company financially and operationally.
    • The impact has to be stated in levels 1 to 3, with 1 being low impact and 3 being the highest impact.

 

Risk = Criticality * Impact

Criticality \ Impact | Low (1) | Medium (2) | High (3)
High (3)             |    3    |     6      |    9
Medium (2)           |    2    |     4      |    6
Low (1)              |    1    |     2      |    3

 

Compliance Calendar Generation

  • Once the Activity master is created, the compliance manager will create the Activity Calendar for the required activity according to the recurrence details entered in the master (yearly / monthly / weekly etc.).

  • The system has a provision for a one-time exception for a grace period due to any reason.

Reminders & Alerts

  • Mail alerts will be sent to the primary and secondary responsible persons in accordance with the mail date set in the Activity master.

  • On update of the compliance status, a mail will be sent to the HOD and Functional Head for information.

  • If any activity goes into non-compliance, then before the matter is escalated a mail will be sent to the concerned person, with the link, asking the reason for non-compliance.

  • In case of High & Moderate Risk (defined by user; risk value 4 to 9), three-level escalation mail alerts will be sent by the system:

Escalating Authority              | Day(s) after compliance
HOD at Local Office               | 1
Functional Head / Dy Commissioner | 2
Managing Director / PS            | 3

 

  • In case of Low Risk (defined by user; risk value 1 to 3), two-level escalation mail alerts will be sent by the system:

Escalating Authority              | Day(s) after compliance
HOD at Local Office               | 1
Functional Head / Dy Commissioner | 2

 

Compliance Confirmation

  • The user needs to update the compliance status as per occurrence.

  • For activities where documentary proof is required, the user needs to upload a scanned copy of the document as evidence of compliance.

  • Once the user confirms the activity, a mail alert is sent to his / her immediate supervisor for approval.

  • The supervisor needs to check the claim made by the employee and can approve it or refer it back to the concerned employee with remarks.

Reporting and Dashboards

  • The activity owner can view the list of compliances to be complied with in a given period.

  • Top management or the concerned users can see the report of statutes which are complied or not complied with.

  • The activity status in the reports is marked:

    • If the compliance is completed on time, the activity status will be marked in GREEN.

    • If the compliance is completed but delayed, the activity status will be marked in YELLOW.

    • If the compliance is delayed, the activity status will be marked in RED.