For over 50 years, the Accounting Standards have given management and investors a mechanism to prove (through audit and certification) the financial accounting systems of companies. We have also seen quality programmes, environment and safety programmes undergo independent auditor and certification systems that drive performance improvements. If that model has been so successful and robust across all of these under disciplines, why are we not rushing to apply the same practices to other areas across the spectrum of compliance.

Every year, large companies, medium sized companies and even many small ones are required to have their financial systems independently audited. The purpose of these audits is to check the governance, accuracy and reporting of the recording of financial transactions. This is principally a requirement for the benefit of shareholders and management. It gives the management, leadership and the shareholders comfort that they can rely on the work done by management in the financial systems. Having a firm check on the transactions and sign off on the audit is a huge comfort to everyone involved. It makes sense and is a great comfort to shareholders that they can rely on what they are being told by management and being reported. Exactly the same process could be said for safety and environmental systems.

There are a few additional elements that make such audits even better as a management, leadership and shareholder tool. The first is that the standards that the auditor uses to test the financial system. There is clearly a need to have a set of rules that define what is acceptable and how the auditors can judge compliance. The world recognised this challenge and set out a series of standards, known as the Accounting Standards (e.g. GAAP, IFRS). These Accounting Standards allow financial staff of your company and its auditors to test each company against a known set of rules. Without this, an audit would be impractical and never be able to be truly a comparative tool. Having Accounting Standards simply makes sense. An essential part of the process to protect shareholders.

The second thing which was essential to make the process work is to have an auditor of auditors. Someone that can make sure the auditors conducting an audit against the standards are qualified to make that assessment and are following a known approach in the way in which they audit. Also, very sensible. These bodies like the PCAOB make it very simple to know whether an audit firm meets the requirements of being an audit and that their people and their process continues to meet the requirements of the standard. This element gives additional protections to ‘the system’ and ensures that the audit process is as tight as possible and almost guaranteed to be accurate and complete.

Now, let’s assess the compliance industry.

Up until very recently, we had no real standard on building and implementing compliance programmes. We had no audit structure and we had no oversight over auditors. For years compliance officers have been conducting audits against ‘best practices’ which is subjective and not particularly effective. Every compliance programme was built based on what that compliance officer knew or learned from events and conferences. There was minimal structure to most programmes and only a few recognised best practices that have been loosely followed. Most of these best practices have been drafted to specifically minimise the fines imposed by regulators. They were not designed to build great programmes in the first place.

The lack of standards in the compliance industry has now changed. The industry has two globally relevant international standards produced by the International Standards Organisation, known generally as ISO. The first, a non-certifiable standard, ISO 19600 applicable to any and every risk issue that a compliance programme is built to manage, and, secondly, a certifiable standard for antibribery programmes called ISO 37001. What a huge change in the compliance industry! Every compliance person should now be thinking about how they engage with these standards to redevelop their ‘compliance programmes’ into ‘management systems’. They are the biggest development in our industry and can refine the whole approach to corporate and regulatory compliance.

Now that we have two very clear and simple standards produced by ISO, what is stopping companies and organisations from using these standards?

Fatigue. Many compliance officers just finished building their programmes on ‘best practices’. The thought of reviewing and changing their ‘compliance programmes’ to meet the standards and the ‘management system’ is daunting. Not a great excuse, but it’s reality.

Awareness. Many compliance officers simply are not aware of the standards.

Wait and see. There is a fair amount of wait and see with compliance officers waiting to see who else gets certified.

Confusion. There has been a fair amount of negative press on the standards written by pundits within the compliance community that have zero actual knowledge on what a ‘management system’ actually consists of. These comments are almost always subjective or naive in their understanding.

Value proposition. Some companies are struggling seeing the value proposition of applying the standard and gaining a certification.

Companies and organisations should buy the standards, read them, consider their depth and decide whether adjusting your Compliance Programmes to meet the standards is a good thing, and, at least as it applies to anti-bribery, consider certification under ISO 37001.

One thing is for sure, the standards are not going away, and, indeed, new ones are being drafted. Make an informed decision.

Related Articles

Appointments

HK: Howse Williams hires regulatory lawyer from Dechert

by Mari Iwata |

Hong Kong law firm Howse Williams has hired regulatory and compliance lawyer Jason Chan as a partner from Dechert, where he was a senior associate.

Other News

ALB Conversations: Wendy Wysong, Hong Kong managing partner, Steptoe & Johnson

by Aparna Sai |

Wendy Wysong, the managing partner of Steptoe & Johnson’s Hong Kong office, talks about what it was like to open the Hong Kong office during a pandemic, why it’s important for colleagues to provide support, encouragement, and collegiality, and how she wants clients to have the firm on speed-dial.

Other News

Singapore probes companies at centre of penny-stock crash

by Reuters |

Singapore's police force and central bank are investigating suspected trading irregularities in companies at the centre of a penny-stock crash last year, the Monetary Authority of Singapore said late on Wednesday.