Compliance Risk Framework™

Ensure conformance with laws, regulations and internal standards and manage regulatory change.

Overview

Compliance risk is the risk of failing to conform with laws, regulations and internal standards. This framework manages obligations, monitoring, regulatory change and breach handling.

Business problem

Regulatory obligations multiply and change; without an obligations register, monitoring and change management, breaches and penalties become inevitable.

Purpose

Ensure conformance with laws, regulations and internal standards and manage regulatory change.

Who it's for
  • Compliance officers
  • CROs
  • Audit committees
  • Boards
Components
  • Obligations register
  • Control mapping
  • Compliance monitoring & testing
  • Regulatory-change management
  • Breach & remediation
  • Compliance reporting
Governance Structure
  • The compliance function owns; the business executes; the Audit Committee oversees.
Maturity Levels (shared spine)
  • L1 Fragile: maturity level 1 of the shared Outliers risk spine.
  • L2 Functional: maturity level 2 of the shared Outliers risk spine.
  • L3 Disciplined: maturity level 3 of the shared Outliers risk spine.
  • L4 Strategic: maturity level 4 of the shared Outliers risk spine.
  • L5 Resilient: maturity level 5 of the shared Outliers risk spine.
Roadmap
Step 01
  • Build the obligations register
Step 02
  • Map controls to obligations
Step 03
  • Establish monitoring and testing
Step 04
  • Run regulatory-change management
Step 05
  • Handle breaches and report
Deliverables
  • Compliance obligations register
  • Regulatory-change tracker
  • Compliance monitoring plan
Policies & documents
  • Compliance policy
  • Obligations register
  • Regulatory-change procedure
Metrics & KRIs
  • Regulatory breaches YTD
  • Obligations with mapped controls %
  • Overdue compliance actions
  • Regulatory changes in backlog
Board oversight questions
  • Do we have a complete register of our obligations?
  • How do we track and absorb regulatory change?
  • What compliance breaches have occurred and why?
  • Is monitoring risk-based and effective?
