Compliance Management Policy & Procedures

Objective

  • Document Code : QA-PR-02
  • Issue Date : 21/11/2021
  • Issue No : 01/00
  • Revision No : —
  • Revision Date : —/—/–

OBJECTIVES

Compliance management is a defined approach that documents processes, procedures, and responsibilities for achieving quality policies and objectives. Compliance management helps coordinate and direct our organization’s activities to meet customer and regulatory requirements and improve its effectiveness and efficiency on a continuous basis.

The compliance key concepts are:

  1. Process Documentation & Improvement : To have a clear & accessible source of knowledge.
  2. Internal Audit & Performance Management : To ensure compliance with the organization’s rules & procedures.

1. Compliance & Quality Management System Principles

Implementing a quality management system affects every aspect of an organization’s performance: it enhances customer satisfaction and decreases internal efforts and errors. Below are the basic requirements for a successful quality management system:

  1. Context & Objectives : All our employees should be aware of our vision & mission, business objectives, main rules, and policies.
  2. Leadership : We must have clear organizational roles, responsibilities and authorities, risk management studies, and a customer focus approach.
  3. Planning : Ensuring that we have action plans for our business risks; plans must be consistent with our policies, measurable, relevant, and able to be monitored and communicated.
  4. Support : Ensuring people are selected well, have enough tools to perform their tasks, having access to knowledge base and communication tools, and a suitable work environment.
  5. Operations : Ensuring we have policies & procedures related to customer communications, service requirements, day to day workflows, documentation, and work fulfillment evidence available and accessible when needed.
  6. Evaluating : The organization must have a clear approach on what needs to be monitored, how it’s going to be monitored, like the employee’s performance management, internal audit, business reviews actions, and outputs.
  7. Improvement : We must determine how to improve the business processes, nonconformity, and corrective actions through continuous business process reviews and analysis.

2. Process Documentation

Documenting the business process is important for many reasons including: 

  1. Operational redundancy reduces the risk in the event that key talent leaves or is unavailable.
  2. Business process improvement can only be done with accurate process documentation.
  3. Operational efficiency by reducing performance variance through operational consistency.

Process Documentation Plan

The process documentation plan states the required processes that need to be documented and communicated with the employees.

  1. The compliance team will create a process documentation plan including the Department, Process Name, Importance, Status, The Time Needed for documentation.
  2. The plan is subject to change anytime according to business needs.
  3. Regular fulfillment checks will be done with the management during the business review meetings.

Data Collection

The data collection phase is critical to the success and validity of documenting our processes. Sometimes the actual process is done differently and we need to know how it is actually happening. Any differences could lead to a new best practice.

The compliance team will follow the below steps during the process documentation:

  1. Communicate with the owner about the process name, why it’s being documented, the required meetings, resources, manuals, SLA, and any related documents.
  2. Within two working days, the owner should state the time needed to prepare the required documents or the available time slots for the meetings.
  3. After receiving the data, the compliance team will study the data within two working days.
  4. The compliance team will shadow every process step in order to document all the details.
  5. During the shadowing phase, the compliance team will collect recommendations and work challenges in order to discuss them with the owner.

Research & Best Practices

After gathering enough information about the process steps, the compliance team will start comparing the steps to international standards, best practices, and studies.

Most of the studies & information must be based on certified international standards and trusted sources such as:

  1. ISO 9001:2015 Quality Management System
  2. ResearchGate
  3. Google Scholar
  4. Microsoft Academic
  5. LinkedIn Learning

First Draft & Reviews

  1. The compliance team will write the initial draft of the process document.
  2. The draft will be written in the process library and a link to the document will be sent to the process owners and the CEO to review.
  3. The process owners will review the process within two working days and write their comments.
  4. In case the owners require more explanation, they can request a meeting with the compliance team for discussion.
  5. The change requests will be added at the end of the review document.

The Final Sign Off & Publishing

  1. Once the process is reviewed and approved by all parties, the compliance team will prepare the document for online signature.
  2. During the documentation setup, the compliance team will set a signing reminder that automatically sends email notifications once every two days while the document is still not signed.
  3. The concerned parties can follow the below steps to sign the documents.
  4. Once the document is signed by everyone, the compliance team will send a notification email to Raya Smart Buildings All containing a link to the process document.
The signing reminders will look like this:
The announcement email template:

Process Document Elements

The process document elements include any and all documents that go to support a process such as:

  1. Standards : Technical document designed to be used as a rule, guideline, or definition and does not contain the details of doing something. ISO is the best example.
  2. Policies : Guidelines developed by an organization to govern its actions & limits within which decisions must be made. Like the attendance policy or the dress code policy.
  3. Process : Represents WHAT are the steps and decisions involved in the way work is completed.
  4. Procedures : Represents HOW the work steps are done.
  5. SOP : A standard operating procedure is a set of step-by-step instructions compiled by an organization to help workers carry out routine operations. An SOP file can contain a set of policies, processes & procedures and is based on a specific standard.
  6. Audit Checklists : A list created by the audit team during the audit planning phase to check what tasks need to be completed in order for the process to be compliant with the organization’s requirements.
  7. Forms
  8. Templates
  9. Tutorials

3. Auditing Management System

ISO 19011

Auditing is characterized by reliance on a number of principles. These principles should help to make the audit an effective and reliable tool in support of management policies and controls, by providing information on which an organization can act in order to improve its performance. Adherence to these principles is a prerequisite for providing audit conclusions that are relevant and sufficient, and for enabling auditors, working independently from one another, to reach similar conclusions in similar circumstances.

2.1 Audit Program Management:

The extent of an audit program should be based on the size and nature of the auditee, as well as on the nature, functionality, complexity, the type of risks and opportunities, and the level of maturity of the management system(s) to be audited.

1. Establishing Audit Program Objectives

The top management should ensure that the audit program objectives are established to direct the planning and conducting of audits and should ensure the audit program is implemented effectively. These objectives can be based on consideration of the following:

  1. Needs and expectations of relevant interested parties, both external and internal
  2. Characteristics of and requirements for processes, products, services, and projects, and any changes to them
  3. Management system requirements
  4. Need for evaluation of external providers
  5. Auditee’s level of performance and level of maturity of the management system(s), as reflected in relevant performance indicators (e.g. KPIs), the occurrence of nonconformities or incidents or complaints from interested parties
  6. Identified risks and opportunities to the auditee
  7. Results of previous audits

2. Determining & Evaluating Audit Program Risks & Opportunities

The individual(s) managing the audit program should identify and present to the top management the risks and opportunities considered when developing the audit program and resource requirements so that they can be addressed appropriately.

3. Establishing the Audit Program

  1. Roles & responsibilities of the individual managing the audit program
  2. Competences of individuals managing the audit program
  3. Establishing the extent of the audit program
  4. Determining the audit program resources

4. Implementing audit program

  1. Communicate the relevant part of the audit program including risk & opportunities to stakeholders and inform them periodically of its progress
  2. Define objectives, scope, and criteria for each individual audit
  3. Select the audit method
  4. Coordinate and schedule audits and activities related to the audit program
  5. Ensure the audit team has the necessary competence
  6. Provide the team with resources
  7. Ensure the audits are conducted in accordance with the audit program, managing all operational risks, opportunities, and issues as they arise during the audit
  8. Ensure relevant documented information regarding audit activities is properly managed and maintained
  9. Define and implement the operational controls necessary for the audit program
  10. Review the audit program to identify the opportunities for improvement

5. Monitoring the audit Program (evaluation)

  1. Whether schedules are being met and audit program objectives are being achieved
  2. The performance of the audit team members including the audit team leader and the technical experts
  3. The ability of the audit teams to implement the audit plan
  4. Feedback from audit clients, auditees, auditors, technical experts, and other relevant parties
  5. Sufficiency and adequacy of documented information in the whole audit process

6. Reviewing & improving the audit Program

The individual(s) managing the audit program and the audit client should review the audit program to assess whether its objectives have been achieved. Lessons learned from the audit program review should be used as inputs for the improvement of the program.

The individual(s) managing the audit program should ensure the following:

  1. Review of the overall implementation of the audit program
  2. Identification of areas and opportunities for improvement
  3. Application of changes to the audit program if necessary
  4. Review of the continual professional development of auditors
  5. Reporting of the results of the audit program and review with the audit client and relevant interested parties, as appropriate

2.2 Audit Implementation:

The sequence of the audit implementation can differ depending on the auditee, processes, and specific circumstances of the audit.

  1. Audit Date & Frequency : When and how frequently the audit will be conducted. Each process will have its audit schedule and frequency.
  2. Audit Duration : How long the audit and fieldwork will take.
  3. Importance & Complexity : Which audit comes first and why.
  4. Owners : Who the auditors and the auditees are.

1. Initiating audit

The compliance team formally sends an audit engagement email to the management of the area that will be audited. The purpose of the email is to introduce the objectives of the audit, to detail the planned review process, and to set the expectations for the course of the audit.

2. Preparing audit activities

  1. Performing a review of policies & processes to understand the auditee’s operations and to prepare audit activities
  2. Determine possible conformity to the audit criteria and detect possible areas of concern, such as deficiencies, omissions, or conflicts
  3. Define the appropriate sampling techniques
  4. The risks to the auditee created by performing the audit
  5. The physical or digital checklists

3. Conducting audit activities

  1. Conducting an audit meeting with the auditee to discuss the audit scope and the subsequent audit steps
  2. Collecting and verifying information during the audit
  3. The communication during the audit fieldwork
  4. Gathering the audit findings
  5. Prepare recommendations, if specified by the audit plan

4. Preparing and distributing audit report

The compliance team issues the formal audit report which is used to inform auditee management about any identified concerns and control weaknesses, and where and how these areas should be addressed. The audit report passes through the below phases:

  1. Draft Report : The auditor issues the initial report to the compliance management for review.
  2. Initial Report : The auditor sends the report to the auditee management for review.
  3. Corrective Actions : The auditee management reviews the audit findings and provides corrective actions within 5 working days.
  4. Final Report : The auditor issues the final report to the CEO & the auditee management with all the audit findings & corrective actions.

5. Completing audit

The audit is completed when all planned audit activities have been carried out, or as otherwise agreed with the top management (e.g. there might be an unexpected situation that prevents the audit from being completed according to the audit plan).

6. Conducting audit follow-up

The outcome of the audit can, depending on the audit objectives, indicate the need for corrections, or for corrective actions, or opportunities for improvement. Such actions are usually decided and undertaken by the auditee within an agreed timeframe. As appropriate, the auditee should keep the individual(s) managing the audit program and/or the audit team informed of the status of these actions.

The completion and effectiveness of these actions should be verified. This verification may be part of a subsequent audit. Outcomes should be reported to the individual managing the audit program and reported to the audit client for management review.
