ISO 19600 Compliance Management Checklist

The ISO 19600:2014 standard provides guidelines for compliance and risk management, ensuring good governance, transparency and sustainability. This ISO 19600 self-assessment checklist will help your organization conduct an internal audit to identify new and existing rules, identify and reduce the risk of breaching them, and quickly and effectively correct any breaches that might occur.


Context Of The Organisation

1. Do we understand the external and internal issues related to compliance?


2. Have we determined interested parties and their requirements?


3. Have we determined the scope of the system and documented it?


4. Does our CMS reflect the organization’s values, objectives, strategy and compliance risks?


5. Have we identified our compliance obligations and their implications and documented this?


6. Do we have a process to identify changes to law and other obligations and do we evaluate these changes and implement changes as appropriate?


7. Have we identified, analysed and evaluated compliance risks?


8. Do we re-assess when changes or issues occur?


9. Is the compliance function independent, and does it have the authority to act?


Leadership

1. Are responsibilities for compliance assigned and communicated?


2. Have the board and top management established policy, ensured that commitment to compliance is maintained, ensured that non-compliance is dealt with, ensured that compliance responsibilities are in top management position statements, and appointed a compliance function with appropriate authority and resources?


3. Does the compliance function, with management, have responsibility for: identifying obligations and acting on them, integrating compliance into processes, providing training to support employees, establishing compliance reporting processes, establishing processes for complaints/hot-lines/whistle-blowers as appropriate, establishing performance indicators, identifying and managing risks, reviewing the CMS, providing employees with information and advice, and ensuring access to professional advice as required?


4. Do managers have responsibilities for compliance within their area of responsibility, including job descriptions and performance appraisals?


5. Are all employees aware of their responsibilities, including adhering to obligations, participating in training, using compliance resources and reporting compliance concerns?


Planning

1. Are plans in place to address compliance risks?


2. Are the risks and plans to address them documented?


3. Do we have documented compliance objectives at relevant levels and functions and plans to achieve them?


Support

1. Have we determined what resources are required and deployed them to ensure the system is effective, objectives are achieved and compliance is achieved?


2. Have we determined the necessary competence of employee(s) related to compliance and taken action as necessary? Have we retained documented information as evidence?


3. Do we have a training program to ensure that all employees are competent to fulfil their job role consistent with the organization’s commitment to compliance?


4. Have we ensured all persons doing work are aware of the compliance policy, their role and contribution to the CMS and implications of not conforming?


5. Is behaviour that creates and supports compliance encouraged and behaviour that compromises compliance not tolerated?


6. Have the board, top management and management committed to a common, published standard of compliance behaviour that is required throughout every area of the organization?


7. Have we adopted appropriate methods of communication to ensure that the compliance message is heard and understood by all employees on an on-going basis?


8. Have we put in place a practical approach to external communication, targeting all interested parties, as appropriate?


9. Are internal and external documents relating to the CMS approved for use and protected adequately?


Operation

1. Do we control planned changes and review the consequences of unintended changes relevant to the CMS?


2. Have we established controls and procedures to manage obligations and associated risks to achieve desired behaviour?


3. Are these controls maintained, periodically evaluated and tested to ensure their continuing effectiveness?


4. Have we established, documented, implemented and maintained procedures to support the compliance policy and translate the compliance obligations into practice?