Compliance Management System

from Wikipedia, the free encyclopedia

A compliance management system, or CMS for short, is the entirety of the measures, structures and processes set up in an organization (e.g. in a company) to ensure compliance with regulations, which can include legally binding and ethical rules.

Basic elements

Basic elements of an effective and efficient CMS can be found in the generic standard DIN ISO 19600 Compliance Management System, published in 2014. These include:

  • Support and commitment from the organization management
  • Comprehensive collection of information about the organization, including compliance risk assessment
  • Creation of the compliance policy with definition of the scope
  • Assignment of roles and responsibilities for compliance, including deployment of the compliance function (compliance officer)
  • Operational planning
  • Implementation of support measures, including communication, training or the establishment of a code of conduct
  • Monitoring and evaluation, including setting up whistleblower systems
  • Constant improvement, including crisis management

A compliance management system is subject to continuous improvement in the sense of the PDCA cycle (plan, do, check, act), also known as the Deming circle.

The Institut der Wirtschaftsprüfer in Deutschland e. V. (IDW) refers to generally recognized framework concepts (e.g. COSO ERM) for the design of a CMS. On the basis of different framework concepts, the IDW has identified seven basic elements of a CMS in its standard, which can be used to organize and describe a CMS:

  • Compliance culture
  • Compliance goals
  • Compliance risks
  • Compliance program
  • Compliance organization
  • Compliance communication and information
  • Compliance monitoring and improvement

Legal meaning

A CMS can have a variety of legal meanings. On May 9, 2017, the Federal Court of Justice (BGH) ruled that an efficient CMS should be taken into account when determining a sanction against companies. In another proceeding, the Munich Regional Court held an ex-CFO of a large DAX company liable for damages in the millions for misconduct in the area of compliance. A CMS can also have an effect in other areas. According to the application decree of the Federal Ministry of Finance, an internal control system that serves the fulfillment of tax obligations can be an indication against the presence of intent or recklessness. Furthermore, a CMS can have an effect in the area of self-cleaning and in other areas. In the 2018 coalition agreement, the parties agreed on a new regulation of the law of sanctions against companies, which also provides for the regulation of internal investigations and the sanction-reducing consideration of compliance management systems.


Compliance management systems are now being introduced not only in large private companies but also in medium-sized companies because of their diverse positive effects. Compliance management systems are now also being introduced in public administration, associations, foundations and other types of organization.


The core task of a CMS is to create and maintain a sustainable compliance culture. A CMS also aims to ensure that risks for major rule violations are identified in good time and that such rule violations are prevented. Since even an appropriate CMS will never be able to prevent violations 100%, it must also promptly recognize any violations that occur and communicate them within the company so that appropriate responses to the violation can be taken.

Standard and certification

Since December 2014 there has been an international standard (ISO 19600) for the use of compliance management systems, according to which a CMS can be set up. The standard has now been adopted as a German DIN standard. The standard itself does not provide for any certification. However, CMS certification is possible according to the IDW PS 980 standard developed by the Institut der Wirtschaftsprüfer in Deutschland e. V.

Science and Research

Since 2012, the first university institution in Germany to do so, initially as the Center for Interdisciplinary Compliance Research and then renamed the Viadrina Compliance Center at the European University Viadrina Frankfurt (Oder), has dealt with all compliance issues from a scientific, interdisciplinary perspective and shapes compliance and compliance management as an independent and interdisciplinary research field. Sub-areas of law, behavioral psychology, business ethics, business administration, economics, communication sciences and others flow into the interdisciplinary research field of compliance and compliance management.

