Category Archives: GRC

Committee Terms of Reference – TOR

WHAT ARE TERMS OF REFERENCE? DO YOU NEED THEM?

Terms of Reference (TOR) form a foundation stone for the commencement of any workplace investigation. Much like a recipe, they set out the core people and components of the investigation, as well as the boundaries and methods to be utilised. Without solid terms of reference, an employer’s well-meaning attempt to gather information and fix a workplace problem can fail, or cause even more problems. As well as establishing an understanding of what is required and by when, TOR create an excellent framework for the more detailed investigation plan. Terms of reference can prevent such pitfalls as misunderstandings, unintended breaches of privacy, and negative effects on relationships. 

WHEN SHOULD THE TOR BE DEVELOPED?
There are no hard and fast rules regarding how and when TOR should be drafted. Some employers start with a Statement of Complaint and flesh out the terms of the proposed investigation based upon this central concern. Others call upon the services of a workplace investigator to actually assist in drafting TOR, particularly where a workplace problem is vast, sensitive, and/or complex. Sometimes it is important to wait and collate some preliminary materials prior to pinning down the exact terms of the investigation. In any event, it is important to start working on your TOR sooner rather than later, and certainly once a workplace investigation is confirmed.  
Below are typical sections of a ToR document. Each section needs to be customized to the unique needs of your committee. More formal committees usually need more formal information and instructions.
  • Committee Name: Official name of the committee or group.
  • Type: Can be standing, ad hoc (special project) or advisory (related to another board, committee or project).
  • Purpose: Describe the purpose of the committee (what the committee will do, why it was created).
  • Scope: Clearly describe what is in and out of scope for the committee.
  • Authority: Describe the decision-making authority of the committee (decides, approves, recommends, etc.).
  • Membership: Type and number of members, how members are appointed, how the chair and co-chair are appointed, and a list of members (name and functional role).
  • Meeting arrangements: Meeting frequency and location, meeting procedures (if applicable), quorum, details about agendas and minutes (how these will be distributed, available online, who prepares them, etc.), communication between meetings.
  • Reporting: Describe whom the committee will report to, in what format, how often.
  • Resources and budget: Describe the resources (people, rooms, equipment, etc.) available to the committee. Describe the funds available to the committee.
  • Deliverables: Describe the requested/required committee output.
  • Review: State the ToR review frequency and next review date.

If you need to create, review or execute your Governance, Risk or Compliance strategy, call us today on 0207 097 1434 or email info@complianceconsultant.org.

This guide is only an aide memoire and intended for information only for anyone appraising the documentation needed in an audit/compliance check. It is not to be considered as direct advice or intended to replace specific 1 to 1 engagement with your compliance and risk professional.

The Back-Office System and Procedures

Bringing in clients (New Business) seems to be the most exciting thing there is, right? That’s why there are so many marketing agencies popping up. Content strategy, copywriting, ads… they all are sexy.

Doing the work is not as fun, but that’s how you get paid — so you give it a pass.

But the Back-Office is not generally thought of as sexy. It’s a crucial component if you want to take your business to seven plus figures.
What does Back-Office include?
This system manages every foundational element that is needed to run a business — other than your New Business and Production teams.
I’m talking about things such as legal, HR, rent, administrative and operational support, etc.
Anything that is essentially non-billable and doesn’t directly contribute to your revenue is what I would leave under back-office.
Effectively Managing The Back-Office.
Something that I really try to emphasise throughout my content is that every system is composed of people, processes, and tools. And the Back-Office is no exception.
People:
In the beginning, for many companies, one or two people are in charge of every single aspect of this system (of all systems, really). They are the ones signing contracts, sending invoices, finding contractors, hiring employees, etc.
They think that they are working on the business. But, over time, things get more complex. They can’t do everything anymore, so they have to start hiring other people and delegating. They need processes and procedures to be the “go to” document that explains what to do when they are not there. It goes without saying, but people are a HUGE determining factor in your success.
Processes:
You can help your people by setting up a process that optimises their efforts and minimises costs. But someone has to design that process. It can either be you or someone from your management team, but it has to be done.
Why?
If you can document step by step the actions of your legal and hiring processes, for example, the business becomes less “You-dependent”.
How will you generate candidates when there’s an available position at your company? Who will contact them? How many rounds of interviews will they have to go through? Who are the final decision-makers?
It may seem like you are wasting a couple of hours getting that onto a piece of paper. However, trust me: you’ll realise how much more quickly and sustainably you can scale and grow once you have every system documented in detail. Note: having clearly defined guidelines will also help you make less emotional decisions.
Tools:
Think of tools as any apps, software, and other tech or old-school solutions that make your life easier.
I’m sure you are already using them in some way: to improve the communication within your team, to onboard employees, to create invoices, etc.
Automation will help you reduce the number of people your company needs to operate. It can even fully eliminate repetitive tasks from your daily to-do list.
A couple of examples:
You could send contracts through DocuSign to your new clients so that you can get that out of the way much faster. And you could automate sending the onboarding material as soon as they sign. Have a recurrent invoice sent at the end of every month. Obviously much easier, faster, and cheaper, right?
Understanding the Real Cost of Your Back-Office:
As I said before, the business owner/CEO will usually manage the whole Back-Office system in the early days. That’s totally normal, but, as you grow, things will change. You’ll have more clients, you’ll expand your business, and you’ll need more employees to fill that need.
But be careful not to run into this issue:
  1. As you scale up, your back-office will also scale up.
  2. And you don’t want to underestimate how much it’s going to cost you.
Yes, in the very beginning, it will only take time and effort — but not money. Which, obviously, is still a huge expense. But what happens when instead of sending one invoice, you need to send 10? Or you have to hire not one individual, but two or more? You can only service a certain amount of business areas while maintaining your quality standards.  
Of course, when you have someone in charge of that, these costs now have to be factored into the equation. I’ve seen plenty of business owners who didn’t plan for this, and guess what happened?
Their profit margins got screwed up and they realised they weren’t charging enough.
Just as a reminder, it goes like this: revenue – cost to produce everything – everything else.
Well, everything else will naturally increase over time as your business grows. You’ll want to reduce it as much as you can through automation, processes, and high-performing people, but it will happen.
As long as you’re not just throwing unnecessary bodies at it and it comes from a place of growth, the back-office is a price that you should be willing and able to bear. Just make sure you account for it so that it doesn’t come as a scary surprise.
The Back-Office System Summary:
  • The Back-Office System includes anything that is essentially non-billable and doesn’t directly contribute to your revenue. I.e. legal, HR, rent, administration, and operational support.
  • As you grow, you’ll need to find people to take over every element in the system. Use the leverage from well-designed processes and tools to increase your output efficiency.
  • There’s a real cost of managing the Back-Office, especially as you scale. Make sure you factor it into your prices and profit targets.


Compliance Bench-Mark Check: Annual Policy Review

Best practice for all governance is at least an annual review of policies and Terms of Reference. Policies should be reviewed by the policy owner and submitted for republishing to the Board/Partners in good time. The updated policies should then be uploaded somewhere centrally (we can help with this) to create a single version of the truth copy. Version control needs to be maintained.

The review should cover at least:
Identification
  • Policy Owner: TITLE
  • Review frequency: Annual
  • Responsible for document management: TITLE
  • Next Review Due Date: Date
  • Security classification: Restricted
  • Version control updated with salient changes?
Content Questions
  • Is the policy consistent with the core values and principles, mission and strategic plan of the firm? YES/NO
  • Have there been deviations from the policy over the past year? If yes, were there a sufficient number to consider revising the policy? YES/NO
  • Are there ambiguities in the policy statement? Are there questions arising from this policy? (if yes, perhaps the policy needs rewording for greater clarity) YES/NO
  • Does the policy comply with current legislation? YES/NO
  • Have you amended to include any practices that may have been adopted (due to limitations or resource shortfalls) to ensure they are consistent with the policy statement? i.e., heuristics, short-cuts, workarounds. YES/NO
  • Checked for any contradictions within the policy statement? YES/NO
  • Checked for conflicts with or contradictions of other policies? YES/NO
  • Is the policy consistent with current technology? YES/NO
  • Is language within the policy statement current? YES/NO
  • Is the policy consistently interpreted? YES/NO
  • Are the related procedures relevant and up to date? YES/NO
  • Is the scope (i.e., to whom or what it applies) accurate? YES/NO
If there are any “No” answers, please review and amend the policy and/or procedures accordingly.


Compliance Annual Reporting Requirement

Annual Compliance Report
Providing a written report to your Governing Body in respect of compliance on an at least annual basis is a requirement of the FCA Systems & Controls (SYSC) Handbook.  Areas covered should include your compliance monitoring, policies and procedures and the overall Governance, Risk & Compliance (GRC) risk management processes you have in place.  You might also wish to provide details of any “horizon” or issues whereby compliance monitoring is to be undertaken in the course of the next year.  We normally recommend a quarterly, six and 12-month perspective for this report and MI trends identified.
Money Laundering Reporting Officer (‘MLRO’) Report
The firm’s MLRO is required to submit a report to your Governing Body on an at least annual basis in respect of the operation and effectiveness of your firm’s anti-money laundering systems and controls.  We normally recommend a two-month timeframe for this report.

Don’t forget this includes results of “Reviewing Policies and Procedures”

Compliance monitoring obligation
The FCA require firms to regularly assess the adequacy and effectiveness of the measures they have put in place to comply with all applicable FCA rules, through active compliance monitoring. If you have been affected by recent rule changes, this is a suitable time to satisfy yourself that you are complying with the new rules. Firms are encouraged to take a risk-based approach, so there are a number of ways in which Compliance Consultant can really help:
  • Review and update your existing monitoring programme to ensure it is risk focused and fit for purpose.
  • Perform an independent compliance effectiveness review of any internal monitoring that you have conducted. We recommend that this is completed at least every two years.
  • Conduct a monitoring review into one or more specific areas of your compliance arrangements and provide a report on any deficiencies.
  • Provide a fully outsourced compliance monitoring review.
As the FCA imposes more (and larger) fines on individual board members and senior managers, we feel that compliance monitoring is probably the best investment a firm can make to protect itself and its board.

Original Source: https://www.bovill.com/year-end-reporting-requirements/

Risk Management – Governance, Risk & Compliance (GRC) Frameworks

Risk Management is an often overlooked or even misapplied process. It is often seen as a tick-the-box exercise by many of the smaller-thinking financial services companies.

Good risk management doesn’t just work with the obvious and known risks: a good governance, risk and compliance (GRC) framework will provide the firm with the process and ability to dig deeper, raise questions, and even reveal previously unidentified, clarified or identified risks. With effective controls, it can create a culture of risk awareness and greater voluntary adherence to your compliance framework.

A good GRC framework will look at positive controls as well as negative areas of potentially unidentified risks or inefficiencies, and provide the rigour of a robust risk management framework template and process to manage whatever is found, with complete buy-in and ownership from the process owner impacted.
So what benefit does having positive controls in any risk framework bring?
Risk events or occurrences can provide positive outcomes that are better known as ‘opportunities’.
These can take the form of:
  • Increased revenues, clarity around processes, reductions in costs and thus regulatory capital.
  • A robust and appropriately scalable risk framework template improves the ability and capacity to change quickly, as well as to embed any organisational or regulatory adoptions. It not only increases the ability to deliver strategy in an environment of preventative measures but also provides greater predictability of outcomes, measured against known capacity, workflow and previous outcomes.
  • Finally, a seasoned risk manager with good data for only a few months can soon assist in better decision making and resilience when business life hits them with the unannounced and inevitable curve-balls.


Risk Management Framework Templates
GRC Frameworks fit together with all types of project management as well as the lowest forms of product governance, and serve to provide communication to all stakeholders so as to avoid crises. By continually monitoring, with review and revision as necessary, everyone can see how the firm is moving ahead and has confidence in its progress.
Risk Management Framework Steps
Once established and implemented for a firm and their specific size, idiosyncrasies and management style, a risk framework template typically does not require high overhead or senior management involvement.
Initially, Risk Awareness Workshops would need to be hosted and facilitated by specialist consultants for the whole framework to be built, roles identified, governance formalised and the whole risk framework template explained to the staff.
The adaptation of a firm’s existing Governance, Risk and Compliance Management frameworks, including relevant systems and processes, can be done in the background, remotely by the specialist firm. This work is then promoted and launched by the specific risk committee agreed upon, to finalise and transition the firm to the new digitally managed framework.


Larger enterprises will take proportionately longer to implement, but having more data available will be beneficial as the faster learning over a greater number of projects or initiatives will be absorbed by their risk registers, translating into lessons learned.
In one intervention, we were tasked to rewrite the risk framework of a FTSE100 company (see Case Studies). We maintained their risk rating with the risk agencies and saved them 18% of their regulatory capital; a mere £99M. If we ask to work for a percentage of savings, you will understand why.

Risk is definitely not a four letter word.

To discuss your needs with digitally reducing your governance, risk and compliance framework call us on

0207 097 1434

or email pathfinder@complianceconsultant.org

 

More details on our Regtech Solution HERE
