Compliance Regulatory Environment developing a CRMP

7.5 CPD

R733.03

Description

This learning unit covers applying the compliance risk identification, compliance risk assessment and compliance risk management phases of the compliance risk management process to identify, assess and manage the relevant regulatory provisions and specific compliance risks contained within a specific regulatory item, i.e. the development of compliance risk management plans (CRMPs). It will also identify and describe key activities and considerations related to the development of CRMPs.

Focus Area

Once you have completed this module you will be able to:

  • Explain the methodologies that are used in the interpretation of regulatory requirements
  • Discuss the difference between inherent and residual risk and how to determine each
  • Explain the control framework that should be in place (nature of controls, i.e. directive, preventive, detective and contingent, and the types of control, i.e. people, process, systems and information)
  • Discuss the relevance of the control framework to the compilation of compliance risk management plans
  • Compile a compliance risk management plan according to Generally Accepted Compliance Practice

You should be able to:

  • Use the organisation’s compliance risk profile to prioritise the development of compliance risk management plans
  • Explain the implications of applicable regulatory requirements in plain language to management and other compliance stakeholders
  • Interpret and describe regulatory requirements (at section/provision level) in plain language
  • Determine inherent risk per section and/or provision of the relevant regulatory requirement
  • Analyse business processes and identify control measures in accordance with the organisation’s control framework (i.e. nature of control – directive, preventive, detective, contingent and types of control – people, process, systems and information)
  • Evaluate the adequacy and effectiveness (consistency) of the control(s)
  • Determine residual risk per section and/or provision of the relevant regulatory requirement
  • Explain the need for and implementation of appropriate controls to provide reasonable assurance that business activities will be conducted in compliance with applicable regulatory requirements
  • Identify and agree with management on additional controls that may be required to reduce the residual risk to levels acceptable to management
  • Agree with management on a target date for implementation of additional controls and the responsible person
  • Compile a report analysing the level of risk and the findings pertaining to controls that were found to be inadequate or ineffective, and document action plans agreed with management
  • Present and communicate the contents of risk management plans to management in a manner that cultivates buy-in for compliance with the respective regulatory requirements
  • Develop a distribution plan in accordance with the organisation’s reporting and escalation policy and procedures
  • Agree with management on the frequency of review of compliance risk management plans
  • Agree with management on when ad hoc reviews of compliance risk management plans would be required, e.g. when the regulatory requirement changes

Who should register?

Compliance personnel, risk management personnel, business owners, key individuals

CPD information

7.5