ISO 19600 Compliance Management Checklist

The ISO 19600:2014 standard provides guidelines for compliance and risk management, ensuring good governance, transparency and sustainability. This ISO 19600 self-assessment checklist will help your organization conduct an internal audit to identify new and existing rules, identify and reduce the risk of breaching them, and to quickly and effectively correct any breaches that might occur.

Planning

1. Are plans in place to address compliance risks?

2. Are the risks and plans to address them documented?

3. Do we have documented compliance objectives at relevant levels and functions and plans to achieve them?

Support

1. Have we determined what resources are required, and deployed them, to ensure that the system is effective and that both its objectives and compliance are achieved?

2. Have we determined the necessary competence of employees whose work relates to compliance and taken action as necessary? Have we retained documented information as evidence?

3. Do we have a training program to ensure that all employees are competent to fulfil their job role consistent with the organization’s commitment to compliance?

4. Have we ensured that all persons doing work are aware of the compliance policy, of their role in and contribution to the CMS, and of the implications of not conforming?

5. Is behaviour that creates and supports compliance encouraged and behaviour that compromises compliance not tolerated?

6. Have the board, top management and management committed to a common, published standard of compliance behaviour that is required throughout every area of the organization?

7. Have we adopted appropriate methods of communication to ensure that the compliance message is heard and understood by all employees on an on-going basis?

8. Have we put in place a practical approach to external communication, targeting all interested parties, as appropriate?

9. Are internal and external documents relating to the CMS approved for use and protected adequately?

Operation

1. Do we control planned changes and review the consequences of unintended changes relevant to the CMS?

2. Have we established controls and procedures to manage obligations and associated risks to achieve desired behaviour?

3. Are these controls maintained, periodically evaluated and tested to ensure their continuing effectiveness?

4. Have we established, documented, implemented and maintained procedures to support the compliance policy and translate the compliance obligations into practice?

5. Have we ensured outsourced processes are controlled and monitored?

6. Do we have specific arrangements for identifying, reporting and escalating noncompliance and risks of noncompliance?

Performance Evaluation

1. Do we evaluate the CMS performance and effectiveness?

2. Have we established a plan for continual monitoring that sets out the monitoring processes, schedules, resources and the information to be collected?

3. Do we consider the effectiveness of training, controls and responsibilities, and the currency of obligations?

4. Do we monitor noncompliance and “near misses”, instances where obligations or objectives are not met, the status of the compliance culture, and leading and lagging indicators?

5. Do we have procedures for seeking and receiving feedback on compliance performance from stakeholders such as employees, customers, suppliers and regulators, and from control logs and activity records?

6. Do we have information management systems for capturing issues and complaints that allow those relating to compliance to be classified and analysed?

7. Do we have a set of measurable indicators that help measure the achievement of our objectives and quantify compliance performance?

8. Are the board and top management effectively informed, in a timely manner, of the performance of the CMS and of all relevant noncompliance?

9. Are employees encouraged to respond to and report noncompliance without fear of retaliation?

10. Do we maintain accurate, up-to-date records of our compliance activities, and of complaints, disputes and alleged noncompliance and the steps taken to resolve them?

11. Do we conduct audits of our CMS at planned intervals and retain documented information as evidence?

12. Do our information systems capture issues and complaints with the ability to classify and analyse those that relate to compliance?

13. Do we have compliance reporting with appropriate criteria and obligations?

14. Does top management review our CMS at planned intervals to ensure its continuing suitability, adequacy and effectiveness, including consideration of previous actions, policy, objectives, resourcing, changes, performance measures, non-conformance, audit results and stakeholder communication?

15. Does the output of the management review include recommendations on policy, objectives, structures, personnel, changes to processes, areas to be monitored, corrective action for non-conformance, gaps in systems and recognition of exemplary behaviour?

16. Do we maintain documented information of this review and provide the board with a copy?

Improvement

1. When a nonconformity and/or noncompliance occurs, do we take action to control and correct it, manage the consequences, evaluate the need to eliminate its cause, implement the resulting actions, review the effectiveness of the corrective action and make changes to the system as necessary?

2. Do we retain documented information on non-conformance, the actions taken and the results of those actions?

3. Do we have a clear and timely escalation process that ensures that all noncompliance is raised, reported and escalated to relevant management, and that the compliance function is informed and able to support the escalation?

4. Where we are required by law to report noncompliance, do we ensure regulatory authorities are informed in accordance with the applicable regulations or as otherwise agreed?

5. Do we continually improve the suitability, adequacy and effectiveness of the CMS?

Context of the Organisation

1. Do we understand the external and internal issues related to compliance?

2. Have we determined interested parties and their requirements?

3. Have we determined the scope of the system and documented it?

4. Does our CMS reflect the organization’s values, objectives, strategy and compliance risks?

5. Have we identified our compliance obligations and their implications and documented this?

6. Do we have a process to identify changes to law and other obligations, and do we evaluate those changes and implement changes as appropriate?

7. Have we identified, analysed and evaluated compliance risks?

8. Do we re-assess when changes or issues occur?

9. Is the compliance function independent, and does it have the authority to act?

Leadership

1. Are responsibilities for compliance assigned and communicated?

2. Have the board and top management established a compliance policy, ensured that commitment to compliance is maintained and that non-compliance is dealt with, ensured that compliance responsibilities are included in top management position statements, and appointed a compliance function with appropriate authority and resources?

3. Does the compliance function, with management, have responsibility for identifying obligations and acting on them, integrating compliance into processes, providing training to support employees, establishing compliance reporting processes, establishing processes for complaints, hot-lines and whistle-blowing as appropriate, establishing performance indicators, identifying and managing risks, reviewing the CMS, providing employees with information and advice, and ensuring access to professional advice as required?

4. Do managers have responsibilities for compliance within their area of responsibility, including in job descriptions and performance appraisals?

5. Are all employees aware of their responsibilities, including adhering to obligations, participating in training, using compliance resources and reporting compliance concerns?

Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.
