BSBCOM603 Plan and establish compliance management systems
This part discusses the existing policies, issues, and effects related to the compliance management system of Charity Care, a non-profit organisation. Many issues were identified during the audit process. The report covers internal and external compliance along with industry-specific compliance requirements. The major areas affected, risks, penalties, and risk minimisation strategy are also covered. Finally, a compliance system is proposed for the organisation to deal with its current issues.
1. Compliance Requirements
- Internal Compliance Requirement
As the company is registered under the Corporations Act 2001, it has to strictly maintain certain internal requirements. These include formation of a board of directors, carrying out an annual meeting of directors, creating organisational policies, updating bylaws, maintaining a transparent flow of information, proper data entry of assets, and keeping a well-maintained record of stock transfers, payments received and disbursements for bills, and the organisation’s assets (Badriyah et al., 2015). In addition, the organisation is required to protect its assets and record book from potential fraud and theft. Internal requirements would ensure that Charity Care runs properly without many issues. Some parts of operations and functioning, such as sales and stock management, will also be managed by the external compliance requirements.
- External Compliance Requirement
- Industry-Specific Compliance Requirement
Charity Care, being a charity and not-for-profit organisation, has to meet certain industry-specific compliance requirements. These include financial record keeping, securing organisational information, registration documents as per the State Nonprofit Requirement, a License to Fundraise, tax filing documents, etc. In addition, the organisation is required to keep a well-maintained record of expenses, grants received, previous tax filings, bank statements, contributors’ information, accrued expenses, articles of incorporation, etc. Furthermore, the organisation should conduct a board of directors meeting at the end of every term. Failing to fulfil the aforementioned requirements would expose the organisation to noncompliance penalties, including revocation of its tax-exempt status.
2. Compliance Effects
- Areas Affected: Many areas would be affected by the compliance requirements. For instance, maintaining all the paperwork related to organisational expenses, tax filing, salaries, bank statements, and other financial records is the responsibility of the finance and accounting department. Hence, it is one of the areas that would be severely affected by the compliance management system. In addition, the human resource department and legal department of the organisation are required to keep a check on all the policies, legislative obligations, and resource planning as per the government regulations and guidelines. Training of employees is also required to be carried out on a regular basis. Inappropriate use of assets was identified in Charity Care. This is one of the major HRM issues. Also, the tax filing was not done properly and on time. A well-functioning compliance management system would ensure that all the departments concerned carry out their functions in a defined and transparent way (Courtney & Deangelis, 2018).
- Risks: There are different types of risk associated with non-compliance. These can be classified as:-
Legal Risk: Failing to comply with the standards and legislation may bring legal action against the organisation. This may also result in fines, seizure, debarment, or imprisonment (Badriyah et al., 2015).
Financial Risk: Poor compliance may also invite financial problems for the company. The investors and fund providers may lose confidence in the organisation and, in the worst case, they may also stop funding Charity Care.
Business Risk: If Charity Care does not comply with the standards, legislation, and guidelines set for not-for-profit organisations by the Australian Charities and Not-for-profits Commission, then its operations may shut down.
Reputational Risk: Non-compliance may damage the organisation’s reputation. This may be caused by bad press, loss of consumers’ trust, social media discussion, poor employee morale, etc.
- Penalties: In Australia, every charity organisation is required to register with the ACNC and meet the standards and obligations given in the ACNC Act 2012. Noncompliance would lead to penalties, such as cancellation of registration, fines, and imprisonment. Any charity organisation failing to comply with the annual information statement has to pay a penalty as given below
- Risk Minimisation: The noncompliance risks can be managed and minimised by developing a proper risk management model. The model, which can be adapted by Charity Care, should address the following points:-
- Establishment of risk policy
- Identification of Risks
- Assessment of Risks
- Evaluation of required actions
- Regular Monitoring and Assessment
3. Compliance Systems
- Available Systems/ Alternatives
As Charity Care is a charity, not-for-profit organisation, there are two options available for compliance management system that are capable enough to address the issues faced by the organisation.
Cloud-based compliance management application
A cloud-based system provides all the basic tools and assistance for managing the internal requirements of compliance. It would provide a collaborative work space for different stakeholders and encourage them to be a part of the organisation’s compliance management. It can store, manage, and provide information about internal standards and regulations. In addition, it connects these standards and regulations with the business risks, processes, and internal controls. It ensures consistency among the information provided in the automatically generated documents, thereby making it easier for the managers to test the existing compliance levels (Courtney & Deangelis, 2018).
Continuous Audit-Based Compliance Management
This compliance management system is suitable for handling both internal and external requirements. In addition, the model is well suited to charity organisations given their size and operations. There are five stages in this model that would fulfil the charity’s objectives and address the present and future compliance issues. The first stage is related to determination, evaluation, and management of risks (Courtney & Deangelis, 2018). It will cover all the risks related to operation, reputation, finance, and governance. Furthermore, it will assist in creating a risk exposure profile so as to make the managers aware of the risk level (Mohd Nasir et al., 2012).
- Comparison of Systems
| System | Effectiveness | Efficiency | Feasibility | Suitability to Organisational Culture |
|---|---|---|---|---|
| Cloud-based compliance management | Effective only for managing internal requirement but can provide information to every stakeholder anywhere | It is efficient only for managing internal compliance requirements | This would be less feasible for Charity Care due to funding issues and employees would require some training for this. | The current organisational culture is handling most of the functions through manual methods and using basic computing systems. This means cloud-computing would require some time to adopt. Hence, not suitable. |
| Continuous Audit-Based Compliance Management | Effective for managing both internal and external compliance management. In addition to this, it is able to manage the risk properly (Meulbroek, 2012). | It is efficient for managing both internal as well as external compliance requirements | It is highly feasible from funding aspects as well as current organisational setting. | This works in alignment of the current organisational culture. |
- Recommended System
From the above comparison, it is clear that continuous audit-based compliance management is best suited for Charity Care. The organisation is currently facing issues related to both internal and external compliance requirements. Therefore, a system that could manage these organisational issues is required for Charity Care. The proposed system is able to do so. The five stages in the model (establishment of risk policy, identification of risks, assessment of risks, evaluation of required actions, and regular monitoring and assessment) can be useful in managing all the associated risks and compliance challenges the company is facing.
In this section, the general compliance requirements of Charity Care, both internal and external, were determined. In addition, the effects of compliance issues were outlined, along with how the organisation can minimise them. Finally, a suitable compliance system was proposed as per the requirements of the organisation and its culture. The proposed system is continuous audit-based compliance management due to its ability to address both internal and external compliance issues.
1. Compliance Management System
- Management Information System Requirement
With an understanding of the key issues and the proposed CMS, the management system requirements are stated in this section. These include:-
- Environment Recognition
- Team setup
- Understanding Objectives
- Modular Investigation and Decomposition
- Requirement Analysis and Review
- Integration of Documentation
- Components of Proposed CMS
As per the regulatory guidance, the components of the proposed system are given below:-
- Management Oversight and Board of Directors
- A compliance program
- Specifications of Each Component
As per the regulatory guidance, the components of the proposed system are given below:-
- Management Oversight and Board of Directors: The proposed CMS is required to communicate the organisational goals, adopt relevant steps and policies, and define the staff compliance function (Ping & Muthuveloo, 2015).
- A compliance program: It is a well-written program that includes the following components:-
- Procedures and Policies
- Stakeholders’ complaint and query response
- As per the issues identified in the case, the company requires certain personnel for the management of issues and application of proposed CMS model. The issues are related to finance, resource management, payment of taxes, and resource planning.
- The required personnel include the CEO, payroll clerk, book-keeper, and business manager.
- In order to resolve the issues related to the compliance system of Charity Care, the proposed system must be implemented properly. For that purpose, the selected personnel are required to carry out their assigned functions properly.
- CEO: The CEO is the head of the compliance cell who will oversee the proper implementation of the process and establish proper communication within the organisation.
- Payroll Clerk: The payroll clerk is responsible for reporting all salary and incentive related errors to the higher authority or to the compliance cell.
- Book-Keeper: The book-keeper is responsible for recording all payments and funds. In addition, all the bank statements will be updated by the book-keeper.
- Business Manager: The business manager is responsible for providing training to the subordinates about the proposed system.
- Compliance training is essential as it helps in improving current organisational practices and is mandated by regulation, legislation and policy. It educates employees about the regulations and laws applicable to the industry. As per the issues identified, the organisation needs to provide training related to finance and fund management, resource planning, ethics, and diversity management (Badriyah et al., 2015).
- The suitable training options for Charity Care comprise:-
- Diversity training
- Human resource regulations
- Information Security Procedure Training
- Workplace health and safety training
- Anti-harassment Training
- Financial regulation training
- Resource management training
- A complaint management system is required to manage and handle the organisation’s complaints. If complaints are managed properly, Charity Care can grow its revenue and funding.
- Establishment of a compliance management culture can be done by following these steps:
Setting up or formulating the vision
Establishing the effective communication channel
The final step is formulating a strategy and planning a continuous monitoring plan (particularly PDCA cycle)
- The process of identifying compliance breaches is very significant and can be carried out by empowering and training employees to suspect any kind of breach and report it directly to the concerned manager or a higher authority. Responsible and practicable measures should be taken to resolve the breach (Nocco & Stulz, 2016).
- The procedure for reporting the compliance breach can be initiated at any level. The lower level subordinate can report it to the manager, manager can report it to the executives, and executives can report it to the board of directors. Significant breaches can also be reported to internal auditing team.
- Internal liaison is important within an organisation for establishing and coordinating its activities and managing resources. This can be done by implementing an ERP system. External liaison, on the other hand, is required to establish a communication system between the organisation and external organisations and other stakeholders (Nocco & Stulz, 2016).
- The performance indicators include the number of breaches, which is the total number of compliance breaches committed by the organisation in a particular period. Another parameter is payroll error, which relates to the payment of salaries and wages to employees.
The overall budget of implementing the proposed CMS is $8500.
Budget (in AUD)
Human resource for CMS
Maintenance of CMS
1. Executive Summary
In the following section, the strategy for the establishment of the proposed compliance system was discussed. The following system has 4 stages and each stage is important. In addition to this, a monitoring process was also discussed to keep a check on the process. Furthermore, the expected results and outcomes were also elaborated in the system.
2. Establishment of System
This model for compliance risk management comprises a four-stage process for identifying and managing the associated risks and challenges. These include financial risks, reputational risks, business risks, and legal risks (Badriyah et al., 2015). The adopted model best suits Charity Care’s operations. The proposed system has the following objectives:
- To identify, assess, and manage the risks associated with organisational goals
- To manage risks related to operational procedures
- To create a risk exposure profile for the organisation.
The whole system would be implemented in 4 stages as described below:-
Stage 1: Establishment of Risk Policy
As discussed in the previous sections, Charity Care is facing issues related to the compliance management process currently followed in the organisation. These can be managed with the help of an effective compliance risk management policy that ensures that the charity is fit for purpose. Given that Charity Care is earning profits and has a sound reserve, the financial risks may not be high but are always present (Susanto et al., 2015). The compliance risk policy should also clearly define the risk tolerance for the organisation. All this will help the trustee and executives to set the benchmark for each process and operation.
Stage 2: Identification of Risk
From the evaluation and auditing process, it was determined that Charity Care has issues with the transparency of purchasing spare parts, which violates the financial policy of the company. In addition, there was no evidence for some transactions made from the organisation’s account, indicating poor record keeping and documentation. Laptops were also missing, which indicates possible fraud within the organisation. There were also certain issues with the company’s current tax filing process.
In order to identify the issues, the managers and executives are required to stay committed to the organisation. For better results, their roles in compliance management should be explained to the subordinates (Susanto et al., 2015).
Stage 3: Assessment of Risk
Identification of risks and issues needs to be done keeping in mind their potential impact and their likelihood of occurrence. Assessment and risk categorisation also help in prioritising and sorting them so that the required actions can be planned. For that purpose, one method is to evaluate each identified risk and its occurrence along with the severity of the risk’s impact. This would help in mapping the risks as a product of the likelihood of an unwanted outcome and its impact on the ability of the organisation to achieve its targets and goals. Charity Care is required to map and rate the risks as per their impact and likelihood of occurrence. A strong focus should be given to high-impact risks so as to mitigate the problem.
Stage 4: Evaluation and Implementation of Strategies
Once the compliance risks associated with Charity Care are identified, the managers will need to ensure that suitable actions are taken to mitigate their impact. This requires a thorough assessment of existing controls. Looking into the issues of Charity Care, the following actions may be planned:-
- Establishment of a compliance cell that takes care of legal and business offences at Charity Care.
- The risks can be mitigated by establishing control procedures, such as personnel policies, internal financial controls, etc.
- Reviewing the process on a regular basis in order to avoid the high-impact risks.
3. Monitoring Methodology
The proposed compliance management system is capable of continuous improvement. It is a dynamic model that ensures that new risks are addressed as soon as possible. There are certain aspects of compliance monitoring within a charity organisation. These include (Susanto et al., 2015):-
- Ensuring the determination, assessment, and mitigation of associated risks is assisting in the achievement of the operational objectives of Charity Care.
- Ensuring that the process of assessment is fulfilling the manager’s criteria for acceptable risks (Ping & Muthuveloo, 2015).
- Assessing the financial aspects of compliance issues as part of budget planning and monitoring
- Keeping a regular check on interim process reports and suggesting changes on a regular basis
4. Results and Analysis
From the proposed compliance management system and proper monitoring, it is clear that risks can be reduced significantly. Keeping a regular check on the financial bills and processes can help in increasing the transparency within management and stakeholders. Also, it will help in resolving the issues with record keeping. Furthermore, it will assist in better budget planning.
In this report, the establishment of the system was discussed. The four stages were also elaborated in the context of Charity Care. In addition, the monitoring methodology was elaborated and its results and analysis were discussed.
- Badriyah, N., Sari, R. N., & Basri, Y. M. (2015). The effect of corporate governance and firm characteristics on firm performance and risk management as an intervening variable. Procedia Economics and Finance, 31, 868-875.
- Courtney, P., & Deangelis, D. (2018). U.S. Patent Application No. 11/771,643.
- Frank, T., Fingerhut, G., & Laxminarayan, G. (2012). U.S. Patent Application No. 09/776,994.
- Meulbroek, L. K. (2012). A senior manager's guide to integrated risk management. Journal of Applied Corporate Finance, 14(4), 56-70.
- Mohd Nasir, N., Othman, R., Said, J., & Ghani, E. (2012). Financial reporting practices of charity organisations: A Malaysian evidence. International Bulletin of Business Administration, ISSN.
- Nocco, B. W., & Stulz, R. M. (2016). Enterprise risk management: Theory and practice. Journal of applied corporate finance, 18(4), 8-20.
- Ping, T. A., & Muthuveloo, R. (2015). The impact of enterprise risk management on firm performance: Evidence from Malaysia. Asian Social Science, 11(22), 149.
- Susanto, H., Almunawar, M. N., & Tuan, Y. C. (2012). A novel method on ISO 27001 reviews: ISMS compliance readiness level measurement. arXiv preprint arXiv:1203.6622.