Timely communication is at the heart of an efficient compliance program. In your business, how are communications managed? Do you rely on your administrator to initiate emails and reminders to stakeholders? Do things sometimes slip between the cracks?
In this article we look at three compliance areas – audits, corrective actions and risk – and highlight the key events that typically give rise to communications with stakeholders. You will note that the types of email share similar headings across all three areas; however, the context differs in each case.
By automating your communications you can optimise your time and reduce your workload. Does your compliance management system allow you to set up automatic emails for the following events?
- Scheduling: Notify assigned auditors and auditees about upcoming audits
- Reminders and escalations: In the lead-up to the audit, reminders should be sent to the assigned parties at predetermined intervals to keep everyone on the same page
- Overdue notices: Obviously tasks need to be commenced and completed on a prescribed schedule. If this does not happen, reminders need to be sent to the parties restating the requirements. In the further event of inaction the matter should be escalated to higher management
- Audit Modification: If an audit is modified, the parties, including the original or replacement auditor, need to be kept informed with regard to scope and date changes
- Status Change: Tailored notifications can be set up over a pre-determined cycle as the audit progresses. These are designed to keep all parties informed and to trigger additional processes, such as a review or authorisation
- Completion: When the audit process is completed, an automated email can be sent to notify parties involved. At this stage an audit report or other system documentation may be attached
- Creation: Assigned stakeholders are notified when a corrective action record is created, advising them of the need for improvement
- Reminders: Reminders are sent to stakeholders at pre-determined intervals until the matter is resolved. Initially these may just restate the requirements if the matter is not resolved by the due date; however, communications can include referral to higher management in the event of further inaction
- Overdue Notices: Reminders about due dates are sent to all parties, restating the requirements of the non-conformance
- Modification: If a corrective action is modified, the stakeholders should be kept informed. For example, the auditor originating the corrective action should be notified when the auditee advises details of any actions taken. The auditor would then review the action and close out the matter if it has been adequately resolved.
- Risk Assessment: Once a risk assessment has been conducted, stakeholders should be advised by email. This prompts those responsible to review the risk and the need for any mitigation measures
- Risk Control Management: Reminder notifications are sent to those assigned responsibility for risk control implementation
- Risk Level Changes: Advanced risk management systems allow automatic changes to risk levels (for example, if a third party performs badly at audit, or fails to implement corrective action, their risk level may be automatically downgraded). Email notification of these changes ensures that all parties are aware of the heightened risk to the business and can implement remedial action
- Risk Exceptions: Alerts should be sent to specific parties when high risk scores and/or risk exceptions are identified.
By implementing an automated communication system across the key areas above, your compliance management system becomes smooth, informative, and efficient. This will allow you to concentrate on more important compliance tasks that deserve your attention. Think of all the time you will save! After all, your time is precious.
One final thing: it’s important to note that all emails – whether automated or not – must be readable and actionable. This will increase the rate of response to each email. The whole point of effective communication, in this case, is prompt action towards greater compliance.