When you are managing a business or own a business, you must work on your corporate governance and compliance principles. Your company is required to be compliant with the ADA (Americans with Disabilities Act), HIPAA (Health Insurance Portability and Accountability Act), and OSHA (Occupational Health and Safety Administration) regulations. Plus, your company may be subject to special rules if you have a government contract or work in a certain industry. There are some tips below that will help you create a better corporate governance plan. Plus, you will learn how to manage risk, hire the right staff members, and delegate these tasks to the right people.
How Do You Create A Compliance Definition?
You need to determine how compliance is defined within your business. If you are attempting to be in compliance with the ADA, you may need to install ramps that lead up to each door around your building. You may have an elevator installed, or you may begin offering accommodations to disabled employees. You are showing that you are compliant. You are not doing a specific thing that the government told you to do.
What About Data Governance?
Many companies forget about data compliance because they are concerned with issues like OSHA. You need to use a framework for data security that will protect your company’s information. This is important if you must comply with HIPAA because you likely have scanned your client documents and stored them online.
The framework that you use should show the government that you have done what is needed to protect your data. For example, you may need to use the NIST Special Publication 800-53 when you have a government contract or hire government workers. You can use the PCI DSS (Payment Card Industry Data Security Standard) if you run an online store, or you could use the ISO 27000 because it is applicable to every industry.
What Does Your Compliance And Governance Framework Look Like?
Your governance and compliance framework should cover all the items listed below. You are creating a culture within your business that is accountable to local rules and regulations. Plus, you are creating a chain of command that is easy to follow. There are times when your employees can make decisions for the betterment of your business. You cannot ask your managers to make certain major decisions, and that is why you train them to send certain concerns up the chain of command.
Your governance framework should:
- Help conduct a risk assessment for each part of your business
- Create company-wide policies
- Create job descriptions
- Build the chain of command
- Create a due diligence plan for hiring
- Train employees
- Evaluate employees
- Audit each division of the business
- Report compliance violations
- Investigate violations
- Document everything the business does
The list below explains how you will create your compliance definition. When you have used this list to create your governance program, you are protecting your company from undue scrutiny, fines, or legal action.
1. Conduct A Risk Assessment
Your company must conduct a risk assessment that determines where you are vulnerable. Your risk management plan begins when you realize your data is not secure, you are not using secure email, or you may be in violation of government policies. You may find several things that need to be changed, and you can release memos to your staff that explain changes in company policy.
2. Create Company Policies
Your company must have a policy for everything that it does. Your employees have policies governing how they clock into work, how many vacation days they get, and how they accrue sick days. Your managers must follow policies regarding employee conduct, and you need policies that govern how your company manages data.
When you have made accommodations for your staff or to comply with government rules, you need a policy that dictates how you will pay for repairs or upgrade your facilities. You can release these company policies in a memo or handbook to everyone on your staff. You may choose to create a video or training series that explains all your company policies. Your employees will sign off on the policies they have read, and you can hold everyone accountable.
Accountability begins with your company policies because they help you comply with the ADA, HIPAA, and OSHA regulations. Plus, you have created a corporate culture based on these policies. If you do not have a list of policies, no one is accountable to you or the government rules you must obey.
3. Create Job Descriptions
The governance plan you have created for your business should include job descriptions for everyone on your staff. Job descriptions help keep your staff accountable. When you tell everyone what they need to do every day. Your staff can report to their managers on the specific jobs that they do, and you know that those employees understand their job.
When employees leave your company, you know which jobs have been vacated. However, you must rehire to fill those positions because your company governance plan shows that each of those jobs must be done. A company that begins to pile responsibility on a single employee will be in violation of its own policies. At the very least, you can use these job descriptions to show that one person is doing more than one job. You may raise that employee’s salary accordingly.
4. Create The Chain Of Command
The chain of command within your company states that employees report to a manager. That manager reports to a superior above them, and executives report to you as the business owner or CEO. If you have not created a chain of command, decisions may be made below you that cause problem for your business. For example, your lowest managers cannot take meetings with government officials about compliance.
If a manager is accused of sexual harassment, there must be a chain of command that sends those allegations to someone above that manager. The chain of command rises until it reaches the CEO’s desk. Additionally, you may add the board of directors to the chain of command because they oversee the CEO and executives. If the chain of command is broken, company policy can dictate how that employee will be disciplined.
You also need a chain of succession that explains who rises into executives positions due to a sudden retirement or emergency. If the company does not have leadership, you will lose your way quickly.
5. Hire Your Employees Properly
Try to vet and interview employees properly. The governance plan that you have created serves several purposes:
- You must have an interview process that does not discriminate against anyone. For instance, managers cannot bring in their friends and family for interviews without first listing the job and making it available to the general public.
- You must vet each employee by running a background check
- You may require a drug screening for employees in certain positions
- You must call references for anyone who is interviewing with the company
- Your company must have a list of not acceptable behaviors.
- These employees should be a good fit for the company and the company’s culture
- Your managers understand who they are expected to hire. There is no guessing during the interview process
6. Train Your Staff
Your staff must be trained properly, in order to do their job as it is described in your company governance plan. Plus, you must send your staff to any certification courses that are needed. There may be continuing education requirements for people who are working on government projects, or you may need to pay for continuing education if you hire certified staff. Educators, therapists, mechanics, and IT experts are just a few of the people who need to maintain their certification.
If your company does not pay for continuing education, your guidelines must clearly state that employees pay to maintain their own certification. At times, you may pay for a portion of certification training.
7. Evaluate The Staff
You must evaluate everyone on your team every year. The evaluation process may be carried out by hand or using a software platform. Your employees must be aware of the evaluation program your company uses. You may ask your managers to offer progress reports to all your staff members, and they should be given incentives at the end of the year if they meet their goals.
Create a company policy that clearly states how you pay bonuses and how many evaluations are needed to terminate an employee. You must list any legal problem that would call for the termination of an employee, and you should explain how employees are renewed or denied when their contracts expire.
If you are not evaluating your staff, they will not grow. If your staff members are not growing, they cannot be promoted. You must create a system that allows your staff members to grow while giving them structured guidance from a manager who oversees their work.
8. Audit The Company
Your governance plan should explain how you audit each division of the company. Audits ensure that your money is managed properly, your data is managed properly, and you are in compliance with government regulations. You may reveal problems during the audit that need to solved as soon as possible. Plus, you may notice that vendors are charging you too much money, employees are writing expense reports for items you do not pay for, or gaps in your data security that need to be closed as soon as possible.
You may dictate who completes the audit. You might choose to hire an outside company to complete all your audits, or you may have managers from different divisions audit one another. You may complete a yearly audit, or you may require an audit every quarter. Your company governance plan states what should be in each audit report, and you can write guidelines that explain how to solve any problems that are found.
9. Report Violations
You must have a plan for reporting violations of policy within your company. If you are not reporting violations, you may be fined or censured by the government. If your company is not reporting violations independently, you may be fined even more heavily by the government. You must create a paper trail that explains what has happened and what you did to correct the problem.
10. Investigate Violations
Your governance plan should explain who will lead these investigations, and you must create a policy that explains when you hire outside counsel to help. The investigation plan that you write into your company’s governance plan must be followed exactly as it is written. Some of these investigative tools may be required by the government if you are subject to certain rules and regulations.
11. Document What Your Company Does
Finally, your governance plan documents what your company does. You need to be able to show that your company hires people in a certain way, manages data properly, and remains in compliance using techniques that are approved by the government. When you are documenting what your company does, you can easily explain how you have handled certain violations, how you have corrected problems that your company faces, and refute any false claims.
The governance plan that you have created will guide everything that your company does. You are hiring your employees using a policy that you created to make your company more efficient. You will remain in compliance because you have created company policies that protect you from scrutiny, and the governance plan dictates how you manage your data. After creating your governance plan, you must bring the board of directors together if you feel you should make changes.
