The following flowchart outlines the TriLine GRC Compliance Management process.
1. Identify and enter Compliance Process and Controls
Individuals appropriately trained and experienced in Compliance should identify and record all requirements for Compliance within your organisation. This can include compliance with:
Industry standards, and
Codes of Practice.
If your organisation is moving from another Compliance Management System to TriLine GRC, a lot of this work has probably already been done and it’s just a matter of getting the information into TriLine GRC.
Tip: Consider a plan to transfer existing Compliance Records and Process Controls into TriLine GRC as they become due for action. This will avoid you having to try and get everything into TriLine GRC in one go.
2. Schedule and allocate Process Control Tasks to Positions
For each identified Compliance Process:
determine the appropriate schedule for performing the Process Controls, and
identify the most suitable people to perform the Process Controls.
Tip: Process Controls should include a requirement to submit documentation to support any assertion of Compliance. These records can then be quickly recalled within TriLine GRC for evidence at any time. You can set a Process Control so that it cannot be completed without documentary evidence being attached to the Record.
3.TriLine GRC generates Tasks and sends email Reminders
On the appropriate date (determined by the Schedule and Reminder settings for each Process Control), TriLine GRC generates Process Controls and emails the person recorded in the Process Control Record as responsible for Actioning the Task (the ‘Actioned By’ Position).
The generated Process Controls are displayed in each ‘Actioned By’ Position’s ‘My Tasks’ page.
4. Position records completion of Task in TriLine GRC
Once the actions in the Process Control have been performed and any documentary evidence prepared, the ‘Actioned By’ Position reports completion of the Process Control in TriLine GRC.
Where required, documentary evidence can be attached to the Process Control Record during completion, forming a permanent record of the actions taken and results obtained.
5. Task not completed—Task is escalated to Position’s Manager
If a Process Control is not completed on time, or won’t be completed at all for some reason, then TriLine GRC provides a way to ensure that this is managed.
You can set a Position to be the ‘Escalate To’ Position for each Process Control. If the Process Control is not completed by the due date, TriLine GRC sends a notification email:
Every day beyond the due date, to the the ‘Actioned By’ Position, till the task is done.
Once to the ‘Escalate To’ Position, so they can act on this information as required.
This ensures that your Compliance Tasks are not missed, thus helping to avoid possible Compliance breaches.
Note: The escalation process does not move tasks from the Actioned By Position to the Escalation Position. The responsibility to complete the task remains with the Actioned By Position. The escalation process allows the Escalation Position to know when tasks are not completed by the due date so that they may choose to act.
6. Compliance Reports outlining Task completion and non-completion
TriLine GRC retains data recorded for each Compliance Process and Process Control. The ability to include attachments, links to other Records and resources makes TriLine GRC a valuable tool for building an accurate and detailed history of your organisation’s Compliance performance.
The more Compliance data TriLine GRC collects, the more information you have to improve organisational compliance, performance and reputation within your industry.