Compliance Framework
The purpose of the Compliance Framework is to implement an appropriate Compliance Policy – one component of an integrated Governance Risk Compliance (GRC) approach to effective corporate governance, enterprise risk management and corporate compliance with applicable laws, legislation, objectives, contracts, strategies and policies.
Compliance Management
Along with the Australian Standard AS3806-2006 Compliance Programs, the Audit Office of NSW has identified Compliance Management as a key component of corporate governance.
This Framework establishes an appropriate strategic framework that defines the responsibilities of both management and employees and facilitates the implementation of robust practices for the effective management of compliance obligations.
GRC Management
GRC management ensures that key capabilities are interpreted and implemented, such as:
- Controls and policy library
- Policy distribution and response
- Controls self-assessment and measurement
- Remediation and exception management
- Reporting
- Risk evaluation and compliance dashboards
OCEG's GRC Capability Model
OCEG's GRC Capability Model™, contained in OCEG's Red Book, defines a comprehensive framework for GRC processes and functions across an organization. The GRC Capability Model™ sets out eight key Components that operate continuously to enable an organization to optimize its GRC system. Each Component contains Elements that set out essential GRC system practices.
Although various standards and guidance frameworks exist to address discrete portions of governance, risk management and compliance issues, the OCEG GRC Capability Model™ is the only one that provides comprehensive and detailed practices for an integrated and collaborative approach to GRC.