Regardless of whether you run a small business or whether you are involved in a not for profit association or even a large publicly listed entity, the control your organisation and its success will depend upon the decisions that you make.

Each decision you make always have a risk associated with that decision.  It is the appetite for risk that you have in your business or your not-for-profit entity that you are willing to accept or retain in the business to achieve the strategic outcome you really want.

Part of that risk profile I want to talk about incudes the tolerance you have for minimising your risk in the operational matters that you can either control or that you are obliged to report against because it is a law you must observe or a standard set by your industry body.

It will be a combination of one or more of the following: a tax law obligation like an audit requirement, a licensing requirement with specific obligations to meet like meeting professional standards or guidelines, a reporting obligation like those imposed on a charity or on a listed company, but whatever your environment you will certainly have legal obligations to meet and probably one or more regulatory bodies that are acutely interested in your businesses practices.

I certainly do.

Legal compliance is absolutely essential because your risk of failing to meet the compliance obligations are often catastrophic.  Imagine losing your license to operate in your business.  Whether it means that your fleet of vehicles or aircraft cannot be moved, you are under a health regulation which prohibits you from preparing your product for sale, or your regulatory body takes the initiative to exercise a power to assume control of your not-for-profit organisation; it’s frightening to imagine that you can be out of business in a flash.

While the minimum action that is required of you is to meet these minimum compliance obligations, there is a much better approach which is to put in place a structured compliance management system or framework as a key component of your business.

This is broader that just ensuring minimum obligations are met.  It ensures you comply with all obligations whether they are mandatory or voluntary in nature and whether they are external to your organisation’s business operations or internal obligations going to the heart of what you do.

There is plenty of guidance on the approach to developing a Compliance management system such as the current international standard, ISO 19600:2014 which is recognized in Australia as AS/ISO 19600:2015.

My experience in working with organisations is that developing compliance tools is seen as just a headache and a painful necessity in order to meet the minimum regulatory standards to keep operating.  It is viewed as an expense without a return.

In truth though, a compliance framework that is embedded as part of good business practice, can provide an organisation with an advantage over their competitors because if it sewn into the fabric of  the organization it canl help to achieve both your financial and strategic objectives, or your charitable objectives, if you aren’t focused on profit.

I’ve  seen organisations struggling over successive financial years to recognise and act decisively following a negative audit report detailing unexplained financial discrepancies that always result from failed compliance management.  To fail to heed and react to assume the responsibility for failures that are actually detailed in an audit report or a regulators letter is dangerous.  There is no excuse for suggesting a lack of knowledge is a reason for inactivity.  There is a wealth of information available regarding, say, internal audit obligations if you look for it.

The challenge is to implement immediate measures to assure your regulator that any failures will be avoided by robust systems and processes to prevent a re-occurrence.

It’s a timely warning that as the owner/director/committee member of an organisation, you should strongly consider the strength of your compliance management system in your basic delegation of authority within the organization to not only ensure that the laws that affect you are strictly observed, but to fully embed a structure that will assist you to achieve your goals.

Bruce Havilah