Review Your Legal and Other Requirements Register

Here's a call out to all Compliance Professionals. Now's the perfect time to look at those jobs that you almost never get around to.

This time, you need to review your legal and other requirements register.

This idea comes from an ongoing series of blogs that originated from "26 Ideas for Working from Home for Compliance Professionals".

Enjoy!

Introduction

An activity that organisations often fail to do well or manage effectively is the creation, maintenance and review of their legal register.

Well now is the time to do just that.

Most organisations, as part of their management integration projects, are putting other requirements into the register.

In countries like Australia, South Africa and the United Kingdom, I see registers called "Legal and Other Requirements Registers".  I like this name better as if really describes the register and the purpose of register.

Process

However, these registers can become unwieldy. So it is good to have a management process around your Legal and Other Requirements Register.  It should include the following steps:

1. Purpose
2. Create a Team
3. Identification
4. Map
5. Review
6. Manage and monitor

1. Purpose

What is the purpose of having a Legal and Other Requirements Register?

It should be where your organisation looks at all of their activities, and ensure they aligned to the requirements of their interested parties.

This register should be used by the Board to inform them of the status of their legal and other requirements.

2. Create a Team

It’s a big job. As the saying goes many hands make light work.

So get a team together who could represent all part of your business.

The hardest part of the review is to ensure that all areas are covered and the time to do it.

Here at Mango when we were getting ISO 9001 and ISO 27001 certification, we had to stand back and ask ourselves:

"what are all our legal and other requirements that need to be reviewed",

"did we need to improve", or

"are we OK".

Our Team at Mango included:

• Senior Management – with knowledge of compliance, ISO standards and some legal requirements associated with the day-to-day activities
• Lawyer- New Zealand and International laws, agreements and overseas requirements that were required to meet.
• Accountants – Tax and Companies Office requirements
• Independent adviser – Highlighted other examples of export requirements.

3. Identification

Our team enabled us to identify our legal and other requirements we needed to meet.

These were added to a register.

There were a lot of duplicated requirements identified which gave us a good level of assurance that we had done a good job as a team.

4. Map

As a lot of our requirements were aligned to our interested parties, we mapped them to ensure we were not missing any other requirements

The following is an example of mapping;

5. Review

Once we had created our Map we then reviewed each requirement to determine our status of compliant or not compliant.

6. Manage and Monitor

If we were un-sure if we were compliant or not an improvement was raised and someone was assigned to do any additional work.

We used the Management meeting to identify any new requirement and monitor the status of requirement until it was closed and we were complaint.

Once you have completed the process of identifying your requirements the ongoing management and the formal annual review process will be easy to maintain and just became a part of our business.

Takeaway

Determine the process you want to do

• One person can’t do the job by them self
• Review regularity will mean it’s easy to manage
• Be prepared to find things that you did expect.
• Don’t worry if you find you are not compliance, at least you know and can fix it.
• It’s nice to report that things are under control to senior management and boards

Here are a few sources of things that should be on your register

• Legislation
• Regulations
• Standards
• Consents
• Best practice
• Local or Shire bylaws
• Environment measuring
• Internal measurement