Compliance in Layman’s Terms – making sense of Acronyms in Compliance
“Our organizational strategic objective for 2022 is to shift our focus from GRC as adapted from SOX compliance to that of ESG compliant by reviewing our ERM as defined by our IMS”
In English please:
“Our organizational strategic objective for 2022 is to shift our focus from being Governance, Risk Management, and Compliance (GRC) as adapted from the Sarbanes-Oxley Act (SOX) to that of Environmental, Social and Governance (ESG) compliant by reviewing our Enterprise Risk Management (ERM) as defined by our Integrated Management System (IMS)”
Still confused?
As global pressure mounts for companies to comply with globally accepted practices and standards, the list of specialised jargon, references and acronyms seems to grow with it. To make better sense of it all, I thought it useful to share some of the most commonly used terms, references and acronyms in the compliance environment.
Assurance
The level of confidence an organization has in how well a risk is being managed by MITIGATION activities. More effective mitigation activities have lower assurance scores, while less effective mitigation activities have higher assurance scores (see RESIDUAL RISK).
Attestation
The acknowledgement of understanding and abidance to policies, procedures or training.
Audit
The process by which an organization tests its controls and workflows to identify the successes or shortfalls of each process.
Authority Documents
The best practices, procedures, and regulations that an organization operates by.
BCP/DR
Business continuity planning/disaster recovery program. This is a business plan designed to maintain the integrity of business functions and resource reliability in the event of a challenge or disaster.
Benchmarking
Analysing data year over year by comparing one's own business processes and performance against the industry standard to reveal compliance program effectiveness and determine needed improvements.
BIA
Business Impact Analysis. A systematic process to identify and evaluate the possible vulnerabilities or risks that may affect the company. A BIA begins the process of planning and strategizing how to mitigate those risks so they do not occur.
Blockchain
A blockchain is a digitized, decentralized, public ledger of all cryptocurrency transactions. Growing as completed blocks, the most recent transactions are recorded and added to the chain in chronological order, allowing market participants to track digital currency transactions without central recordkeeping. Each node (a computer connected to the network) automatically downloads its own copy of the blockchain. Originally developed as the accounting method for the virtual currency Bitcoin, blockchains use what is now known as distributed ledger technology (DLT). This technology creates indelible records: authenticity is verified by the entire community using the blockchain rather than by a single centralized authority, so a record cannot be changed after the fact.
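To make the "indelible records" point concrete, here is an added example (not code from the original article) of the mechanism a blockchain relies on: each block carries a hash of its own contents and the hash of the block before it, so changing any earlier record breaks the chain at the point of the change. The ledger, block layout, transaction values and function names are all constructed for this illustration and are not drawn from Bitcoin or any real ledger software.

```python
import hashlib
import json
from dataclasses import dataclass, replace
from typing import Optional, Sequence, Tuple

# A transaction is modelled as (sender, receiver, amount); constructed sample data only.
Transaction = Tuple[str, str, int]
GENESIS_PREV = "0" * 64  # the first block has no predecessor


@dataclass(frozen=True)
class Block:
    index: int
    previous_hash: str            # digest of the preceding block: this is the "chain"
    transactions: Tuple[Transaction, ...]
    digest: str                   # SHA-256 over index, previous_hash and transactions


def compute_digest(index: int, previous_hash: str,
                   transactions: Sequence[Transaction]) -> str:
    # Canonical JSON so every node derives the same bytes, and thus the same digest.
    payload = json.dumps(
        {"index": index, "prev": previous_hash, "tx": [list(t) for t in transactions]},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def make_block(index: int, previous_hash: str,
               transactions: Sequence[Transaction]) -> Block:
    txs = tuple(tuple(t) for t in transactions)
    return Block(index, previous_hash, txs, compute_digest(index, previous_hash, txs))


class Ledger:
    """Append-only ledger; every participant can re-run verify() on their own copy."""

    def __init__(self) -> None:
        self.chain = [make_block(0, GENESIS_PREV, [])]

    def append(self, transactions: Sequence[Transaction]) -> Block:
        tip = self.chain[-1]
        block = make_block(tip.index + 1, tip.digest, transactions)
        self.chain.append(block)
        return block

    def verify(self) -> Optional[int]:
        """Return the index of the first inconsistent block, or None if the chain is intact."""
        expected_prev = GENESIS_PREV
        for block in self.chain:
            if block.previous_hash != expected_prev:
                return block.index          # link to predecessor is broken
            if compute_digest(block.index, block.previous_hash,
                              block.transactions) != block.digest:
                return block.index          # block contents no longer match its digest
            expected_prev = block.digest
        return None


def build_sample_ledger() -> Ledger:
    ledger = Ledger()
    ledger.append([("alice", "bob", 5)])           # constructed sample transactions
    ledger.append([("bob", "carol", 2), ("alice", "carol", 1)])
    return ledger


def tamper_without_rehash() -> Optional[int]:
    # Edit a historical record but leave its digest alone: detected at that block.
    ledger = build_sample_ledger()
    ledger.chain[1] = replace(ledger.chain[1], transactions=(("alice", "bob", 500),))
    return ledger.verify()


def tamper_with_rehash() -> Optional[int]:
    # Edit the record and recompute its digest: the next block's previous_hash
    # no longer matches, so the chain still breaks, one block later.
    ledger = build_sample_ledger()
    forged = make_block(1, ledger.chain[1].previous_hash, [("alice", "bob", 500)])
    ledger.chain[1] = forged
    return ledger.verify()


if __name__ == "__main__":
    print("intact ledger:", build_sample_ledger().verify())        # None
    print("edited block, stale digest:", tamper_without_rehash())  # 1
    print("edited block, recomputed digest:", tamper_with_rehash())  # 2
```

Rewriting every later block to hide the change would require recomputing all of their digests, and since each node holds its own copy and verifies independently, a single party's rewritten chain simply disagrees with everyone else's; that is what the article means by verification by the whole community rather than a central authority.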
Bribe
An incentive given or offered to a person or organization to encourage that person/organization to take an action that benefits the giver.
Chief Privacy Officer
A chief privacy officer (CPO) is a corporate executive charged with developing and implementing policies designed to protect employee and customer data from unauthorized access.
Chief Risk Officer
The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings. The position is sometimes called chief risk management officer or simply risk management officer.
Code of Conduct or Code of Ethics
An organization’s Code of Conduct is its policy of all policies. It’s a central guide and reference for users in support of day-to-day decision making. It is meant to clarify an organization's mission, values and principles, linking them with standards of professional conduct. As a reference, it can be used to locate relevant documents, services and other resources related to ethics within the organization.
Compliance
Compliance is either a state of being in accordance with established guidelines or specifications, or the process of becoming so.
Compliance Burden
Compliance burden, also called regulatory burden, is the administrative cost of a regulation in terms of money, time and complexity.
Compliance Framework
A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with established regulations, specifications or legislation.
Compliance Risk
Risks organizations face when they fail to follow internal policies, government laws and regulations, and are consequently subjected to legal penalties and financial fines.
Corporate Governance
Corporate governance is a term that refers broadly to the rules, processes or laws by which businesses are operated, regulated and controlled. The term can refer to internal factors defined by the officers, stockholders or constitution of a corporation, as well as to external forces such as consumer groups, clients and government regulations.
Cyber Security
Cyber security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.
ERM
Enterprise Risk Management. A risk management process that uncovers risk on an enterprise-wide level with a risk-based approach. ERM approaches differ from traditional GRC approaches in that they track progress over time, use heat maps and other reports to provide insight and transparency, and standardize the RISK ASSESSMENT process so the entire organization is using one scale.