Tip of the Month: Compliance Checklists Informing your Compliance Risk Ratings
April 17, 2023
Did You Know?
That with BarnOwl it is possible to send out automated compliance checklists (surveys) to the relevant respondents and use the resulting % compliance scores to rate your compliance risks more objectively:
- Step 1 – Import compliance content (Acts, provisions and questions per provision) from BarnOwl’s 3rd party compliance content provider or use your own compliance content.
- Step 2 – Send out compliance checklist/s to the relevant respondents.
- Step 3 – Use BarnOwl’s compliance dashboard to compare the % compliance score with the provision risk rating.
Step 1 – Import an Act to create a Compliance Risk Management Plan (CRMP)
After importing the POPIA Act into BarnOwl, the following is an example of a POPIA CRMP (Compliance Risk Management Plan) / compliance risk register showing inherent and residual risk ratings:
Expanding these provisions, one can see the various questions that have been imported against each provision (obligation):
Step 2 – Send out compliance checklist/s to the relevant respondents
It is easy for the compliance officer (administrator) to create and send out automated compliance checklist surveys to the relevant respondents (owners). The respondents receive an email with instructions (including the due date) and a link to complete the checklist online. BarnOwl sends out reminder and escalation emails if the survey is not completed on time. Respondents answer the questions and attach evidence and/or raise action plans where required. Once complete, the respondent submits the survey:
Step 3 – Use BarnOwl’s compliance dashboard to compare the % compliance score with the provision risk rating
BarnOwl provides extensive reporting on the results of surveys including the export of all answers per business unit per act per question. The following is an example of an export of the POPIA survey directly from BarnOwl. 100% = Yes and 0% = No. BarnOwl also enables questions to be weighted differently if required:
The BarnOwl compliance dashboard is extensive and can be customised to meet specific requirements. The following is an example of the compliance survey overview with drill-down into each section of the act enabling benchmarking across business units as well as trends over time:
The ‘Risk to Question dashboard’ allows you to compare your risk ratings (inherent and residual) with the % compliance score derived from the survey answers linked to each risk (provision):
For example, in the figure below, by clicking on risk 012 ‘Noncompliance – 012 Further processing to be compatible with purpose of collection’, one sees how the individual questions linked to this risk (provision) were answered to make up the % compliance score:
The 7 questions linked to this risk (provision) give you a compliance score of 500/700 = 71.43%. This % compliance score can be compared to the residual risk of 4.00.
In summary
- Objectively answer compliance questionnaires (evidence based and action plan based)
- Use the resulting % compliance scores to more objectively rate your compliance risks
- Identify key compliance risk areas and implement and track mitigation plans
- Track compliance trends
- Improve compliance maturity
- Take the pain out of compliance
- Embed a culture of risk and compliance
Useful links
https://barnowl.co.za/knowledge-base/tip-of-the-month/taking-the-pain-out-of-compliance/
About BarnOwl:
BarnOwl is a fully integrated governance, risk management, compliance and audit software solution used by over 150 organisations in Africa, Australasia and the UK. BarnOwl is a locally developed software solution and is the preferred risk management solution for the South African public sector supporting the National Treasury risk framework.
Please see www.barnowl.co.za for more information.