Compliance office responsibilities

Compliance Office Responsibilities - PowerPoint PPT Presentation


Compliance Office Responsibilities: make compliance a part of everyday activities of the institution; monitor the various compliance program activities; communicate with the chief executive officer and others regarding compliance program activities; establish a compliance function.

Presentation Transcript
Compliance Office Responsibilities

  • Make compliance a part of everyday activities of the institution

  • Monitor the various compliance program activities

  • Communicate with the chief executive officer and others regarding compliance program activities

  • Establish a compliance function

Making Compliance a Part of Everyday Activities

  • Awareness communication avenues

  • Risk-based plan and compliance manual

  • Training tools and delivery mechanisms

  • Monitoring plans and assurance processes

  • Confidential reporting mechanism

  • Reporting procedures

Monitor Compliance Program Activities

  • Training

  • “A” list risk monitoring plans

  • Non-compliance

  • Program

Communicate with Executive Management

  • Instances of non-compliance that require executive action

  • Risk-based plan

  • Monitoring activities

  • Compliance Committee meeting minutes

  • Compliance program self-assessment

Four Elements required for Managing Compliance “A” Risks

  • Responsible party

  • Monitoring plan

  • Specialized training plan

  • Reporting plan

    Each high risk must have all 4 elements.

Responsible party must exhibit each of the following:

  • Exclusive responsibility for managing the risk

  • Knowledge to manage the risk

  • Authority to manage the risk

Specialized Training Plan


  • Who is trained

  • Level of knowledge transferred

  • Frequency of training

  • Provider of training

Reporting Plan should include:

  • Activity to be reported

    • Supervisory control activities detailed in monitoring plan

    • Training activity detailed in training plan

  • Items to be reported for each activity, such as number of transactions examined or number of employees trained

  • Frequency of reporting for each activity

  • Who receives the report for each activity

Supervisory control activities to be reported:

• The number or percentage of execution events or transactions in the universe and number examined

• The number or percentage of execution events or transactions that failed the control attribute

• The identified causes of failure

• The action taken to mitigate repetitive failure

• The need for process improvement

• The need to escalate the consequence of non-compliance to mitigate repetitive non-compliance

Examples

  • Number of purchase contracts reviewed from the universe of contracts

  • Number of purchase contracts that did not satisfy the competitive bidding process

  • Identified causes of failure - such as, personal preference of requestor

  • Action taken - such as, provided training to all buyers

  • Process changes - such as modify computer program to include RFP# and Award Designation

  • Second instance for requestor - need to remove budget spending authority

Compliance Committee Purpose

  • To provide the senior executive level decision-making function for the compliance program

Compliance Committee Duties and Responsibilities

  • Provide guidance and direction including policy decisions

  • Allocate resources

  • Ensure that appropriate action is taken for instances of non-compliance

Compliance Committee Composition

  • Size

  • Management Level

  • Line Management v. Staff Management

Compliance Committee Support Mechanisms

  • Compliance Function

    • Compliance Coordinator and staff

    • Monitor & assist high risk responsible parties

    • Perform training and risk assessment

  • Working Group

    • High risk area representatives

    • Perform specific tasks, as assigned by the compliance officer, that would normally be performed by the compliance function staff

Employee Group Insurance Risk Self-Assessment

Collaborative Assurance Philosophy

  • Risk Management is the responsibility of every employee

  • Risk Management Assurance is provided by all levels of the organization

  • A Risk Self-Assessment is the basis for all risk management and risk management assurance activities

Risk Management Components

  • Define a common risk management process

  • Assess Risk

  • Manage Risk

  • Learn and renew

Make risk management a part of everyday activities

Risk Self-Assessment: The Tool

1. Identify Goals and Objectives

2. Convert to Activities or Processes

3. Inventory Risks

4. Measure Risks

5. Prioritize Risks

Goals and Objectives

  • Strategic Plan

  • Annual Operating Plans

  • Work Unit Goals and Objectives

Assessing Risks

[Diagram; recoverable labels: "1. Establish", "Assess Risk", "Choose Mitigation Strategy"]

Brainstorming: The Technique

  • People involved in the process or activity

  • Identify activities performed to achieve goals and objectives

  • Inventory risks associated with each activity

Mitigation Strategies

  • Accept - no mitigation

  • Avoid - do not do the activity

  • Transfer - contract out/manage contract

  • Control - internal mitigation actions

  • Exploit - do something else

What is It?

A model of both periodic and on-going assurance regarding the management of risks.

What are its Benefits?

  • Governance Benefits

    • Appropriate Assurance on all Risks

    • Fewer Surprises

  • Management Benefits

    • Real-time assessment

    • Ownership

  • Internal Audit Benefits

    • Increased Coverage

    • Value-added effort

Assurance Continuum: Model for the 21st Century

[Diagram; recoverable labels:]

  • Collaborative Assurance (Governance and Management Control Processes)

  • Periodic Assurance (Governance Control Processes)

  • On-going Assurance (Management Control Processes)

  • Control levels shown: Internal Audit Controls, Execution Controls, Supervisory Controls, Oversight Controls, Internal Audit Controls

  • Timing labels shown: pre-operations design review of on-going assurance; during execution of event or transaction; immediately after execution of event or transaction; soon after execution of event or transaction; post-operations audit of execution of on-going assurance

Levels of Internal Control

[Diagram; recoverable labels: In Process, Oversight Controls, Supervisory Controls, Execution Controls]

UT System Audit Office, David B. Crawford

Execution Controls (Operating Controls)

  • Embedded in day-to-day operations

    • Policies and procedures

    • Segregation of Duties

    • Reconciliations/Comparisons

  • Performed on every event/transaction

  • Performed by the generators of the event/transaction

  • Performed in ‘real time’, as the event/transaction is executed

Supervisory Controls (Monitoring Controls)

  • Re-application of operating controls

    • Supervisory Review; Quality Assurance; Self Assessment

  • Performed very soon after the generation of the event/transaction

  • Performed by line management or staff positions who do not originate the event/transaction

  • Performed on a sample of the total number of events/transactions

Oversight Controls (Executive Controls)

  • Exception reports, status reports, analytical reviews, variance analysis

  • Performed by representatives of executive management

  • Performed on information provided by supervisory management

  • Performed within a short period (weeks/months) after the event/transaction is originated

Internal Audit Controls (Governance Controls)

  • Audit of the design of controls not the operation of controls

  • Performed either before the event/transaction is originated or long after

  • Performed by staff with no involvement in the operations

  • Performed on individual events/transactions for discovery only

Operational Examples: Levels of Control in the COSO Model (LOCs)

Managing Risk

  • Use the Risk Management Plan

  • Assign Responsibility

    • Risk Management Responsibility

    • Oversight Control Responsibility

  • Develop the following plans:

    • Monitoring

    • Specialized training

    • Reporting

    • Pre-defined set of consequences for non-compliance with risk management plan

Monitoring Plan

  • Execution Controls

  • Supervisory Controls

  • Oversight Controls

Specialized Training Plan

  • Knowledge required to manage risk

  • Who needs that knowledge

  • How to transfer knowledge

  • How to measure effectiveness of transfer

Collaborative Assurance: Learning and Renewing

  • Gap analysis and Action Plans

  • “Play it again Sam!”

Gap Analysis and Action Plans

  • Self-assessments

  • Supervisory Controls

  • Oversight Controls

  • Internal Auditing

Play It Again Sam!

[Diagram; recoverable labels: General Purpose Process (A - E), Detailed Process (1 - 9), Risk Areas, Risk Response]

(Source: Adapted from TBS Integrated Risk Management Framework)