Compliance 360 analysis
Helps you to identify strengths and potential gaps in your compliance landscape
Compliance 360 analysis | 2017
There is a constant and increased focus on compliance. The fact
is that the world of regulatory compliance is always evolving,
with requirements constantly multiplying. Companies have to be
compliant with new legislation, amendments to existing legislation,
industry guidelines, and stakeholder expectations. A framework
that helps you to get an overview of your compliance landscape is
crucial in minimizing the risk of non-compliance, which may lead to
a financial loss and reputational damage.
Getting an overview
The compliance landscape is growing. The
management of almost every company
considers compliance to be a high priority. However, manual, spreadsheet-based
procedures are still common in many
companies, and they make it increasingly
difficult to get an overview of the various
compliance requirements. Further, not all companies
perform regular and structured compliance
risk assessments to ensure that they continue to meet standards.
Getting an overview of your company’s
compliance landscape, your maturity level,
and the risks of non-compliance is often a
complex task. Many companies are therefore interested in gaining transparency in a
structured and effective manner.
These challenges can easily be overcome
by using a tool for the assessment. The
tool makes it easier for companies to get
a clear overview of their compliance and
risk profile from a business perspective,
helping to minimize their exposure to risks
while saving those responsible for compliance
both time and costs. The tool would quickly
bring key strategic and operational benefits
and provide a solid foundation for future
business planning.
Compliance 360 web tool
Deloitte has developed the Compliance 360
web tool that contains compliance standards and legislation of which every business needs to keep abreast. The number of
key compliance areas will vary according to
the industry you operate in.
The web tool groups standards and legislation into three main categories, namely
Hard Law, Soft Law, and Stakeholder
Expectations, which provide the foundation for our Compliance 360 approach.
Each compliance area includes a range of
subareas.
Using the Compliance 360 concept as a
platform for the analysis helps you to get
all the way around in your compliance
landscape. The analysis helps you to answer typical questions posed by management. Are all compliance areas important?
What should we be focusing on?
[Figure: the Compliance 360 wheel, showing the three categories Hard Law (binding), Soft Law (non-binding), and Stakeholder Expectations, and the compliance areas Accounting rules & regulations, Competition Law, CSR, Customer / Partner Expectations, Environmental legislation, EU Law, Governance, Human Rights, Industry agreements, International Resolutions, Market-specific legislation, Standards, Tax Law, UN Guidelines, and Workers’ Rights.]
Prioritization and ranking
On a scale from 1-5, where 1 means low and 5 means high,
please indicate the level for your company.
[Questionnaire excerpt: each item below is rated from 1 to 5 for Priority and for Maturity.]
Hard Law
  ACCOUNTING RULES & REGULATIONS: Sarbanes-Oxley Act (SOX)
  EU LAW: EU’s Data Protection Regulation
Soft Law
  STANDARDS: ISO27001 (Information Security standard)
Stakeholder
  CUSTOMER / PARTNER EXPECTATIONS: Data/market research which identifies customers’ and other stakeholders’ expectations
Your outcome of the Compliance 360 analysis
After the workshop, you will be provided with a report that:
• Gives you insight into which compliance areas matter the most to your company – on a high level and per sub-compliance area within the categories Hard Law, Soft Law, and Stakeholder Expectations;
• Outlines the risk of non-compliance and the potential consequences for the largest perceived gaps between priority and maturity, including recommendations that can help you to address those gaps;
• Highlights the strengths identified for your selected compliance areas (maturity higher than priority).
[Figure: “Largest Gaps (Priority > Maturity)”, a chart plotting compliance areas by Priority and Maturity on axes from 0 to 5. Labelled items include FATCA (Foreign Account Tax Compliance Act - US), GAAP, IFRS, ISAE 3402, Sarbanes-Oxley Act (SOX), and Requirements on non-financial reporting in the annual report (CSR and diversity).]
You can use the Compliance 360 analysis for management reporting and thereby
give management an overview of where your company is in control and where
more should be done.
With an overview of your company’s compliance landscape, management can better make decisions on how to utilize the company’s resources and where to initiate compliance projects, decide on efforts relating to compliance investigations, and determine whether there
is a need to increase the compliance budget.
… or you can show management, customers, suppliers, authorities, and others in a structured way that you are in control of your compliance landscape, which can be turned into a competitive advantage.
Contacts
Anders Morand
Partner
Mobile: +45 30 93 61 95
E-mail: amorand@deloitte.dk
Kristina Wiese Tranberg
Director
Mobile: +45 30 93 53 25
E-mail: ktranberg@deloitte.dk
Kristian Laden Andersen
Senior Consultant
Mobile: +45 42 71 78 89
E-mail: krisandersen@deloitte.dk
About Deloitte
Deloitte provides audit, tax, consulting, and financial advisory services to both
public and private companies across a wide range of industries. Our global network
of member firms in more than 150 countries ensures that we can make strong capabilities
available and deliver service of the highest quality when we help our clients
solve their most complex business challenges. Deloitte’s approximately 200,000
employees work purposefully to set the highest standard.
Deloitte Touche Tohmatsu Limited
Deloitte refers to Deloitte Touche Tohmatsu Limited, a UK company
with limited liability, and its network of member firms. Each member firm is
a separate and independent legal entity. Please see www.deloitte.com/about for a
detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its
member firms.
© 2016 Deloitte Statsautoriseret Revisionspartnerselskab. Member of Deloitte Touche
Tohmatsu Limited