OCEG Online / PO3.2 Identify Mandated Boundary

AboutMission & StructureFounders & Leadership CouncilAdvisory BoardSteering CommitteeMedia Partners/AffiliatesManagement TeamContact Us / FeedbackTechnology CouncilStandards & GuidelinesFrameworkProcess FoundationRisk Area DomainsExposure DraftsTechnology / XMLResourcesGRC illustrated seriesTopics & GroupsCase StudiesGRC360 MagazineExposure DraftsGRC SourceBlogsGRC 360° - Driving Principled Performance™GRC TechnologyOCEG Technology BlogBenchmarking SeriesAudit & EvaluationMeasurement & Metrics GuideUpcoming EventsWebinar SeriesMember to Member NetworkNews & AnnouncementsJob Postingswhy join?How Can OCEG Help Me?Benefits Overview:: Governance:: Risk Management:: Audit:: Compliance:: Ethics & culture:: Technologyjoin / upgrade now

Measurement + Benchmarking

Events + Networking

why join?

You are here :: home > knowledge network > FND-OCEG Foundation "Red Book" v1 > P-Process > PO-Plan & Organize > PO3-Boundary Identification > PO3.2 Identify Mandated Boundary

PO3.2 IDENTIFY MANDATED BOUNDARY

Identify the mandated boundary of conduct for the organization including all applicable laws, rules, regulations and customary practices that introduce "de facto" requirements.

Facts specific to the entity's operations must be analyzed to determine whether specific laws or regulations apply, and in what fashion. Importantly, there will be some legal factors that can be defined as being of "primary" importance to the entity's operations because they apply to major and frequently occurring operations, while others may be "secondary" because they arise only rarely or upon the occurrence of specific events outsides the normal course of business. Although the entity should be aware of secondary factors, most attention will be paid to primary mandates and guidelines that directly affect operations.

Management should review all generally prevailing or customary practices that apply to the entity ("customary practices") and ensure that these practices are appropriately adopted. Any deviation from the customary practice should be explained. In certain circumstances, practices that are widely accepted constitute a "de facto" standard that an entity must meet. Otherwise, that entity may be deemed to be willfully blind to common industry practices.

Standards & Guidance

PO3.2.S01

Identify laws and regulations that apply to the entity.

PO3.2.S02

Develop an understanding of applicable practices, including best practices, commonly applied in the industry.

Core Practices

PO3.2.101

Identify relevant legal factors, including:
> laws;
> rules;
> regulations;
> administrative guidelines and rulings;
> significant judicial rulings;
> regulatory guidance;
> prosecutorial guidance;
> legal interpretations;
> consent orders and integrity agreements;
> enforcement activities.

PO3.2.102

Identify relevant customary practices given the organization's industry and geography.

PO3.2.103

Identify any customary practices required by voluntary commitments made to industry and trade associations.

Additional Practices

PO3.2.201

For each legal factor, identify sources of information for understanding additions, modifications and deletions.

PO3.2.202

For each legal factor, identify an individual "owner" who is responsible for monitoring changes or developments in the legal factor.

PO3.2.203

For each customary practice, identify sources of information for understanding additions, modifications and deletions.

PO3.2.204

For each customary practice, identify an individual "owner" who is responsible for monitoring the source of that practice for changes or developments.

PO3.3.202

Where possible, for each legal factor, identify ethical factors that stand behind the mandate.

GUIDELINE DETAILS

Actions:	Download
Legend:	Source / Reference Resource Domain Supplement