Compliance and ethics professionals help an organization stay within mandatory and voluntary boundaries as the business drives toward objectives.
Mandatory boundaries include legal requirements, while voluntary boundaries are things like company values, policies, procedures, codes of conduct, and other contractual obligations.
This is achieved by a "compliance program" or "corporate compliance program" that addresses boundaries with management actions and controls.
The goals of compliance, and of a compliance program (sometimes called a corporate compliance program or regulatory compliance program), include:
The role of compliance in GRC is more than just the "C" in the acronym.
It is essential that those with compliance management responsibility understand the current and future strategy of the organization. Ideally, these individuals should also be involved in strategy discussions to ensure that compliance is factored into strategic decisions.
Similarly, compliance and ethics officers must communicate about requirements, how best to stay within the boundaries or affect where the boundaries fall, and how compliance requirements affect risk analyses.
Communicating with human capital and operating executives to establish and teach ethical decision-making is also important.
Other GRC disciplines play a role in compliance.
It is essential that people who are not specifically charged with compliance management also understand what their colleagues in compliance need.
This includes knowledge about: