ISO 19600 Compliance Management Checklist

The ISO 19600:2014 standard provides guidelines for compliance and risk management, ensuring good governance, transparency and sustainability. This ISO 19600 self-assessment checklist will help your organization conduct an internal audit to identify new and existing rules, identify and reduce the risk of breaching them, and to quickly and effectively correct any breaches that might occur.

Download as free PDF

Library
ISO Standards
ISO 19600 Compliance Management Checklist

Performance Evaluation

14. Does top management review our CMS at planned intervals to ensure its continuing suitability adequacy and effectiveness including; consideration of previous actions, policy, objectives, resourcing, changes, performance measures, non-conformance, audit results, and stakeholder communication?

Photo Comment

Improvement

1. When a nonconformity and/or noncompliance occurs do we take; action to control and correct, manage the consequences, evaluate need to eliminate cause, implement actions, review effectiveness of corrective action and make changes to system as necessary?

Photo Comment

Context Of The Organisation

Leadership

2. Has the board and top management: established policy, ensured commitment to compliance maintained, non-compliance is dealt with, ensured compliance responsibilities are in top management position statements, appointed a compliance function with appropriate authority and resources?

Photo Comment

3. Does the compliance function with management have responsibility for; identifying obligations and acting on them, integrating compliance into processes, providing training to support employees, establishing compliance reporting processes, establishing processes for complaints/hot-lines/whistle-blower as appropriate, establishing performance indicators, identifying and managing risks, reviewing the CMS, providing employees with information and advice, ensure access to professional advice as required?

Photo Comment

Planning

Support

Operation

Is this sample what you are looking for?
Sign up to use & customise this template, or create your own custom checklist:

Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.

Seeing is Believing

Get a live demo customized to your unique needs, or get started with a 14-day FREE trial.

ISO 19600 Compliance Management Checklist

1. Do we evaluate the CMS performance and effectiveness?

2. Have we established a plan for; continual monitoring, setting out monitoring processes, schedules, resources and the information to be collected?

3. Do we consider effectiveness of training, controls, responsibilities, currency of obligations?

4. Do we monitor; noncompliance and “near misses”, instances where obligations or objectives are not met, status of compliance culture and, leading and lag indicators?

5. Have we procedures for seeking and receiving feedback on compliance performance from stakeholders such as employees, customers, suppliers, regulators and from control logs and activity records?

6. Have we information management systems for capturing issues and complaints that allow classification and analysis of those that relate to compliance?

7. Have we a set of measurable indicators that assist in measuring achievement of our objectives and quantifying compliance performance?

8. Is the board and top management effectively informed in a timely manner on the performance of the CMS and all relevant noncompliance?

9. Are employees encouraged to respond to and report noncompliance without fear of retaliation?

10. Do we maintain accurate, up-to-date records of our compliance activities and for complaints, disputes and alleged noncompliance and the steps taken to resolve them?

11. Do we conduct audits of our CMS at planned intervals and retain documented information as evidence?

12. Do our information systems capture issues and complaints with the ability to classify and analyse those that relate to compliance?

13. Have we compliance reporting that has appropriate criteria and obligations?

14. Does top management review our CMS at planned intervals to ensure its continuing suitability adequacy and effectiveness including; consideration of previous actions, policy, objectives, resourcing, changes, performance measures, non-conformance, audit results, and stakeholder communication?

15. Does the output of management review include; recommendations on policy, objectives, structures, personnel, changes to processes, areas to be monitored, corrective action to non-conformance, gaps in systems and recognition of exemplary behaviour?

16. Do we maintain documented information of this and provide the board a copy?

1. When a nonconformity and/or noncompliance occurs do we take; action to control and correct, manage the consequences, evaluate need to eliminate cause, implement actions, review effectiveness of corrective action and make changes to system as necessary?

2. Do we retain documented information on non-conformance and actions taken and results of the action?

3. Do we have a clear and timely escalation process that ensures that all noncompliance are raised, reported and escalated to relevant management, and that the compliance function is informed and able to support the escalation?

4. Where we are required by law to report noncompliance, do we ensure regulatory authorities are informed in accordance with the applicable regulations or as otherwise agreed?

5. Do we continually improve the suitability, adequacy and effectiveness of the CMS?

1. Do we understand the external and internal issues related to compliance?

2. Have we determined interested parties and their requirements?

3. Have we determined the scope of the system and documented it?

4. Does our CMS reflect the organization’s values, objectives, strategy and compliance risks?

5. Have we identified our compliance obligations and their implications and documented this?

6. Do we have a process to identify changes to law and other obligations and do we evaluate these changes and implement changes as appropriate?

7. Have we identified, analysed and evaluated compliance risks?

8. Do we re-assess when changes or issues occur?

9. Is the compliance function independent and have the authority to act?

1. Are responsibilities for compliance assigned and communicated?

2. Has the board and top management: established policy, ensured commitment to compliance maintained, non-compliance is dealt with, ensured compliance responsibilities are in top management position statements, appointed a compliance function with appropriate authority and resources?

4. Do Managers have responsibilities for compliance within their area of responsibility including job descriptions and performance appraisals?

5. Are all employees aware of their responsibilities including adhering to obligations, participate in training, use compliance resources, report compliance concerns?

1. Are plans in place to address compliance risks?

2. Are the risks and plans to address them documented?

3. Do we have documented compliance objectives at relevant levels and functions and plans to achieve them?

1. Have we determined what resources are required and deployed them to ensure the system is effective, objectives are achieved and compliance achieved?

2. Have we determined the necessary competence of employee(s) related to Compliance and taken action as necessary? Have we retained documented information as evidence?

3. Do we have a training program to ensure that all employees are competent to fulfil their job role consistent with the organization’s commitment to compliance?

4. Have we ensured all persons doing work are aware of the compliance policy, their role and contribution to the CMS and implications of not conforming?

5. Is behaviour that creates and supports compliance encouraged and behaviour that compromises compliance not tolerated?

6. Has the board, top management and management committed towards a common, published standard of compliance behaviour that is required throughout every area of the organization?

7. Have we adopted appropriate methods of communication to ensure that the compliance message is heard and understood by all employees on an on-going basis?

8. Have we put in place a practical approach to external communication, targeting all interested parties, as appropriate?

9. Are internal and external documents relating to the CMS approved for use and protected adequately?

1. Do we control planned changes and review the consequences of unintended changes relevant to the CMS?

2. Have we established controls and procedures to manage obligations and associated risks to achieve desired behaviour?

3. Are these controls maintained, periodically evaluated and tested to ensure their continuing effectiveness?

4. Have we established, documented, implemented and maintained procedures to support the compliance policy and translate the compliance obligations into practice?

5. Have we ensured outsourced processes are controlled and monitored?

6. Do we have specific arrangements for identifying, reporting and escalating noncompliance and risks of noncompliance?