For over 50 years, the Accounting Standards have given management and investors a mechanism to prove (through audit and certification) the reliability of the financial accounting systems of companies. We have also seen quality, environment and safety programmes undergo independent audit and certification regimes that drive performance improvements. If that model has been so successful and robust across all of these diverse disciplines, why are we not rushing to apply the same practices to other areas across the spectrum of compliance?
Every year, large companies, medium-sized companies and even many small ones are required to have their financial statements and the systems that produce them independently audited. The purpose of these audits is to check the governance, accuracy and reporting of the recording of financial transactions. This is principally a requirement for the benefit of shareholders and management: it gives leadership and shareholders comfort that they can rely on the figures management reports. Having an independent check on the transactions and a signed-off audit opinion is a huge comfort to everyone involved. Exactly the same logic applies to safety and environmental management systems.
There are a few additional elements that make such audits even better as a management, leadership and shareholder tool. The first is the set of standards that the auditor uses to test the financial system. There is clearly a need for rules that define what is acceptable and how auditors can judge compliance. The world recognised this challenge and set out a series of standards, known as the Accounting Standards (e.g. GAAP, IFRS). These Accounting Standards allow your company's financial staff and its auditors to test each company against a known set of rules. Without them, an audit would be impractical and could never be a truly comparative tool. Having Accounting Standards simply makes sense; they are an essential part of the process that protects shareholders.
The second thing that was essential to make the process work is an auditor of auditors: someone who can make sure the auditors conducting an audit against the standards are qualified to make that assessment and are following a known approach in the way they audit. Also very sensible. Oversight bodies like the PCAOB (the Public Company Accounting Oversight Board) make it simple to know whether an audit firm meets the requirements to act as an auditor, and whether its people and its process continue to meet the requirements of the standard. This element gives additional protection to 'the system' and ensures that the audit process is as tight and reliable as it can reasonably be made.
Now, let’s assess the compliance industry.
Up until very recently, we had no real standard for building and implementing compliance programmes. We had no audit structure and we had no oversight of auditors. For years compliance officers have been conducting reviews against 'best practices', which are subjective and not particularly effective. Every compliance programme was built on what that compliance officer knew or had picked up from events and conferences. There was minimal structure to most programmes and only a few recognised best practices, loosely followed. Most of those best practices were drafted specifically to minimise the fines imposed by regulators; they were never designed to build great programmes in the first place.
The lack of standards in the compliance industry has now changed. The industry has two globally relevant international standards produced by the International Organization for Standardization, known generally as ISO. The first, ISO 19600, is a non-certifiable guidance standard applicable to any and every risk issue that a compliance programme is built to manage; the second, ISO 37001, is a certifiable standard for anti-bribery management systems. What a huge change in the compliance industry! Every compliance person should now be thinking about how they engage with these standards to redevelop their 'compliance programmes' into 'management systems'. They are the biggest development in our industry and can refine the whole approach to corporate and regulatory compliance.
Now that we have two very clear and simple standards produced by ISO, what is stopping companies and organisations from using these standards?
Fatigue. Many compliance officers have just finished building their programmes on 'best practices'. The thought of reviewing and changing their 'compliance programmes' to meet the standards and the 'management system' model is daunting. Not a great excuse, but it is reality.
Awareness. Many compliance officers simply are not aware of the standards.
Wait and see. There is a fair amount of wait and see with compliance officers waiting to see who else gets certified.
Confusion. There has been a fair amount of negative press on the standards, written by pundits within the compliance community who have no actual knowledge of what a 'management system' consists of. These comments are almost always subjective or naive in their understanding.
Value proposition. Some companies are struggling to see the value proposition of applying the standard and gaining a certification.
Companies and organisations should buy the standards, read them, consider their depth and decide whether adjusting their compliance programmes to meet the standards is a good thing, and, at least as it applies to anti-bribery, consider certification under ISO 37001.
One thing is for sure, the standards are not going away, and, indeed, new ones are being drafted. Make an informed decision.