Today we'll be discussing about how we monitor and measure our compliance requirements.
I'm going to quickly reference ISO 14001 - which is the environmental management system standard - however, we can take this across any compliance and legal obligations in any particular subject matter across the business including quality assurance, OH&S, data security, financial risks and how we identify our legal requirements.
How do I work as a CEO?
My first piece of advice is you have to do the reading. What I would suggest you do is identify the legal and other requirements on an ongoing basis, so carve out the time in your calendar to do the reading; I have to do that as the CEO here at Best Practice.
We've got staff, contractors, safety requirements, environmental requirements, taxation, financial requirements and company reporting requirements, and the only way that I can stay up to date is to identify those requirements by calling in key resources and consultants; our lawyers, accountants, our compliance staff here at Best Practice who I ask to let me know the types of things we need to comply with. We obviously keep a list of all the different acts, regulations and codes of practice that we need to comply with and then from time to time we check whether they've changed, whether they've been updated and we have to read through them and learn/understand so that we can decide what affects our business.
When you're talking about the application of say 6.1.3 of the international standard here from environmental management or quality or safety: it's all the same. It's about identifying those requirements, keeping a list when you hear about new things, adding to that list, and ultimately if you've got the ability delegate to subject matter experts who are either contractors/advisors of your business or within your team because they obviously help you with the international standards and they've also helped me.
So, look out for those changes, do the reading, keep a list, and it's important for your external auditors if they ask for it, to keep a record of when you did your checking and so we can just make a note: "Yes, we went looking- we went straight to the source".
That's my second piece of advice, to go straight to the source of the information and don't rely on third-party sources for updates. For example, here in Australia, with the legal jurisdictions you can go straight to the regulators/law makers and you can find out what they're doing on their websites. As the internet gets broader and broader and ends up in all aspects of businesses, you can definitely go there. So if it's the IRS, the ATO, or any of those regulators, from a financial perspective you can go straight to their websites and you can find out the changes in the updates. They're all compelled, a lot of them now have Facebook pages so following their Facebook page, looking at their LinkedIn feed, looking at their Twitter feed, and monitoring it is important.
A well-run business is well-organised, and carves out time and allocates that resource to reviewing and understanding of information.
There are no shortcuts and it definitely won't be a defence in court if you're being prosecuted.
So, unfortunately, it's an obligation and we need to do the hard work and when we put hard work in, we get great results out. So tip 1: do the reading, tip 2: go to the source, and obviously tip 3: is keep that list of all of that information so you can quickly refer to the list and go and see if things have changed.