BSBCOM 603 – Plan and establish compliance management systems

TASK 1
Charity-Care: Research Plan

Charity-Care is a company based in Brisbane that is limited by guarantee under the
Corporations Act 2001. It is registered as a charity under the Collections Act 1966. The
present report conducts research into and proposes an adequate compliance management
system for the company.

The tasks that need to be undertaken are listed below:

• Research internal and external compliance requirements;
• Analysis of qualitative and quantitative information in order to evaluate
compliance management options;
• Information security;
• Risk management.

Research methods:

Compliance can be defined as a state of being in accordance with established guidelines
or specifications. The term can also refer to the process of becoming so.

Compliance must be aligned with all of the strategies, objectives and activities of an
organization and should not be treated as a separate department of the company. Good
compliance is essential and needs to be reflected in every aspect of the organization’s
culture.

The proposed research methods are the following:

• Assess the Board, Management and Staff on their comprehension of the
application of obligations and responsibilities, in terms of awareness,
communication and training programs;
• Assess risk assessments and risk treatment plans;
• Identify and mitigate areas of risk exposure that may result from
non-compliance, for example through gap analysis;
• Assess organizational compliance structural performance;
• Review reports related to compliance systems, legislative changes and
compliance violations;
• Review the results of training procedures and programs.


Plan and budget:

| Plan | Description | Timeframe | Budget |
|---|---|---|---|
| Information gathering | Internal compliance information gathering; external compliance requirements gathering. | Instant implementation | $10,000 |
| Information security and risk management | Providing structure for management of risks and also increasing overall awareness of risk throughout the company and ensuring that managers can better identify, assess and control risks within their areas. | Three (3) weeks | Following expenses policy |
| Information analysis | Analyze qualitative and quantitative information; evaluate the compliance management measurements. | Within four (4) weeks | $5,000 |
| Reporting | Identifying a practicable compliance system for the company. | Within four (4) weeks | Following expenses policy |

Charity-Care – Written Report

1. Introduction
1.1 – Charity-Care Overview

Charity-Care is based in Brisbane and is a public company that is limited by guarantee
under the Corporations Act 2001. It is registered as a charity under the Collections Act
1966. The organization has grown quickly to its current size from its single center
opening just two years ago.

Charity-Care employs about 50 employees who are assisted in various charity tasks by
community volunteers. Charity-Care operates two major front line community services:

• Community-Care - two 100 m² first floor drop-in office centres operating in
Spring Hill on Brisbane’s Northside and Woolloongabba on Brisbane’s Southside,
providing counselling services, short term ‘rent loans’ and $20 supermarket gift food
vouchers for people in need. Each centre has a manager, receptionist, office clerk and
four counselling staff, and is fitted out with a reception/waiting room, two counselling
offices and a staff general office area that includes a kitchenette. Private information is
collected on people seeking the counselling services and recorded in a central database
that can be accessed from all centre computers. Volunteer staff operate the call centre
and make visits seeking donations from local businesses and households.

• Computer-Care - a retail business on the CBD fringe that specialises in selling
re-conditioned second-hand ex-government computers to needy families for children’s
educational purposes. The small 70 m² shop is supported by a 1,000 m² warehouse and
repair centre in Fairfield, a Brisbane suburb. Half of the computers are picked up from
the shop and the other half are delivered from the warehouse. Computers for repair are
dropped off and picked up from the warehouse. Repair costs are paid by the customers
to the service centre staff. There is a manager of the Computer-Care initiative who
manages both the shop with its 15 employees as well as the warehouse (eight
employees) and service centre (four employees).

Head office for Charity-Care is based in Fortitude Valley. This is where the CEO and the
business manager have offices.

1.2 - Purpose of this report

Compliance can be defined as the process of assuring the company and its employees
follow all legislative rules, regulations, standards, and ethical practices that apply to the
organization and the industry.

Corporate compliance involves both internal policies and procedures, and also federal
and state laws. Enforcing compliance helps the company prevent and detect
infringements of rules, which protects the organization from fines and judicial
processes.

This report therefore proposes a clear and suitable compliance system for Charity-Care
that conforms with all of the organization's internal and external compliance
requirements, based on identifying and analyzing the qualitative and quantitative
information.

2. Compliance requirements

2.1 Internal compliance requirements

The CEO of the company has reported that many policies are documented; however,
some training and motivational issues in relation to implementing these policies
appropriately still need to be addressed. The main policies include:

| Policies | Purposes | Requirements |
|---|---|---|
| Work health and safety policy | Providing a safe and healthy work environment for all employees, contractors and visitors. The first priority of the company must always be the well-being of its employees. A person’s safety should not be put at risk in order to accomplish any task. | Incident date; time of incident/hazard; location of incident/hazard; incident/hazard type; description of incident/hazard; persons involved; witnesses; injuries sustained; description of injuries, if there are any; actions taken to minimise hazard or reduce risk post incident. |
| Equal employment opportunity policy | Equal employment opportunity means that merit and equity will form the basis of all employment, training, and promotion decisions that affect employees at the workplace. | Charity-Care accepts that as an employer it has a responsibility to eliminate and ensure the continued absence of direct or indirect discrimination on the basis of any factors not related to work performance. That includes: race, colour, national or ethnic origin, nationality, sex, marital status, pregnancy, age, status as a parent or carer, political conviction, social origin or impairment. |
| Expenses policy | Assuring people are properly reimbursed for out of pocket expenses related to direct expenses for work-related activities, and also that Charity-Care is able to claim on taxable expenses. | Meals and entertainment; reimbursement of small expenses/temporary cash advance. |
| Financial handling policy | To spell out procedures that must be followed in the signing of cheques on behalf of Charity-Care. | All cheques must contain two eligible signatures. Eligible signatories are board members or staff members who have been previously nominated and endorsed by the board. Any two of the above have the authority to sign cheques. Signatories cannot sign a cheque made payable to themselves. A list of all cheques issued each month will be provided to the treasurer. |
| Expense reimbursement | To spell out procedures that must be followed in the reimbursement of expenses incurred on behalf of Charity-Care. | Charity-Care will reimburse its staff (including volunteers) any reasonable and authorised expenses incurred by them on behalf of Charity-Care or in the course of Charity-Care business. |
| Credit card policy | Ensure that organisational transactions are carried out as efficiently as possible through the use of credit cards and transaction cards as appropriate. Guard against any possible abuse of organisational credit cards. | Credit cards will be issued only to people on the approved organisational credit card list. The approved organisational credit card list shall be held by the CEO. |
| Sexual harassment policy | Providing a workplace free from sexual harassment. | Charity-Care undertakes to educate all employees on the issue of sexual harassment to avoid its incidence and to inform employees of procedures to deal with the problem should it occur. Sexual harassment includes actions like: dirty jokes, derogatory comments, offensive written messages (email/SMS), or offensive telephone calls; leering, patting, pinching, touching or unnecessary familiarity; persistent demands for sexual favours or outings; displays of offensive posters, pictures or graffiti. |
| Risk management policy | The aim of the policy is not to eliminate risk, but rather to manage the risks involved in all Charity-Care activities to maximise opportunities and minimise adversity. | Strategic focus; forward thinking and active approaches to management; balance between the cost of managing risk and the anticipated benefits; contingency planning in the event that mission critical threats are realised. |

2.2 External compliance requirements

Charity-Care is committed to protecting the privacy and confidentiality of its clients
and supporters. Charity-Care supports and is bound by the Privacy Amendment
(Private Sector) Act 2000 and the National Privacy Principles. Protecting the privacy
and confidentiality of the people the company helps is essential in preserving dignity and
providing respectful assistance. Personal client information is collected and used by
Charity-Care only with client consent, with the intent to provide the best possible
assistance and:

• to assess if clients meet eligibility criteria for specific assistance
• for internal reporting purposes
• to continuously develop and improve our assistance programs
• to assess the effectiveness of our assistance programs
• to assess the nature of need in the community
• to plan our future programs.

Consent is always sought in using personal and sensitive information for
research purposes. This information, however, is always de-identified prior to analysis
and individual clients cannot be identified from any research analysis or report.

Charity-Care also actively seeks to ensure that all personal information that
is collected is protected from misuse, unauthorised access, modification or disclosure.
The company has internal data protection and electronic data transmission procedures
and all donations and communications made on-line via the website are secure.

2.3 Industry specific compliance requirements

Compliance is an important element of corporate governance in Australia.
Legislators are initiating the inclusion of comprehensive compliance obligations in
laws. Courts have indicated that the cost of the absence of a compliance program must
be significant. Therefore, it is recognised that a compliance program provides an
opportunity to not only improve an organisation’s performance, but also reduce the cost
of failing to meet legal obligations.

In terms of the accounts receivable policy, its purpose is to define the
accounting policies and procedures in respect of the recording, collection and reporting
of moneys owed to Charity-Care. The intent of all interactions between Charity-Care
staff and customers or clients of Charity-Care is that all inquiries are to be handled in a
tactful and diplomatic manner.

Under a company structure, charitable or not-for-profit organisations will
generally be registered as public companies that are limited by guarantee. This means
that the liability of company members is limited to the number of members committed
to contributing to the company's assets, if it is liquidated.

The registration of a company creates a legal entity separate from its members.
The company can hold property and can sue and be sued. Companies are registered
under the Corporations Act 2001, which is Commonwealth legislation administered by
ASIC. A company's registration is recognised Australia wide.

In terms of not-for-profit policy, Charity-Care should:

• Have at least three directors and one secretary.
• Have at least one member.
• Have a registered office address and principal place of business located in
Australia.
• Have its registered office open and accessible to the public.
• Be internally managed by a constitution or replaceable rules.
• Maintain a register of its members.
• Keep a record of all directors' and members' meeting minutes and resolutions.
• Appoint a registered company auditor within one month of its registration.
• Keep proper financial records.
• Prepare, have audited and lodge financial statements and reports at the end of
every financial year.
• Send to its members a copy of its financial statements and reports, unless the
member has a standing arrangement with the company not to receive them.
• Hold an annual general meeting once every calendar year within five months of
the end of its financial year.

3. Compliance effects

3.1 Affected areas

In the list below, we can find the areas within Charity-Care that will be affected
by the compliance policies:

1) Risk management policy

2) Sexual harassment policy

3) Credit card policy

4) Expense reimbursement

5) Financial handling policy

6) Expenses policy

7) Equal employment opportunity policy

8) Work health and safety policy

The compliance system that is established will help to improve these policies.
Many of the issues identified in the audit report are still to be
handled by the company. However, plenty of other issues have not been addressed
in the audit report and need to be correctly handled in the future.

In short, the issues were detected in the following areas:

1) Warehouse
2) Retail store
3) Counselling centres
4) Head office

Some operations in those areas are not following the organisation principles.

3.2 Risks

Compliance risk can be explained as the risk of legal sanctions, material financial loss,
or loss of reputation that a business may suffer as a result of its failure to comply with
legislation, standards of good practice and its own regulations and code of conduct.
The reputation of a company is closely linked to its adherence to principles of integrity
and ethical conduct. In this case, there are financial issues caused by misconduct.
Penalties for compliance violations include payments for damages, fines and voided
contracts, which can lead to the organization's loss of reputation and business
opportunities.

3.3 Penalties

An infringement occurs when:

1) an action that places a person at risk of injury, illness or death is taken;
2) actions are not taken to avoid the occurrence of a risky situation;
3) there is a failure to comply with regulatory requirements.

There are three categories of offences for failing to comply with a health and safety duty
under the WHS Act or an electrical safety duty under the ES Act, depending on the
degree of seriousness or liability of the consequences of the failure.

• Category 1: These are the most serious breaches, where a duty holder recklessly
exposes a person to a risk of death or serious injury. Offences involving reckless
conduct will be prosecuted in the District Court. This category has the highest
penalties, which are:

- Corporation: up to $3 million
- Individual, as a person conducting a business or an officer: up to $600 000 /
5 years’ jail
- Individual, e.g. worker: up to $300 000 / 5 years’ jail.

• Category 2: failure to comply with a health and safety duty or electrical safety duty
that exposes a person to risk of death, serious injury or illness. Offences will be
prosecuted in the Magistrates Court.

- Corporation: up to $1.5 million
- Individual as a PCBU or an officer: up to $300 000
- Individual, e.g. worker: up to $150 000.

• Category 3: failure to comply with a health and safety duty or electrical safety duty.
Offences will be prosecuted in the Magistrates Court.

- Corporation: up to $500 000
- Individual as a PCBU or an officer: up to $100 000
- Individual, e.g. worker: up to $50 000.

3.4 Risk minimisation

1) Proof of regular meetings: minutes, agendas, notes, presentation slides, etc.
2) Regular scenario test runs: test plans and test results.
3) Evidence of recent change management (such as logs showing ongoing
changes) and reviews to the BCP plan (for example, version history of the
BCP plan and associated documents).
4) Obtaining a sanction for authority to fundraise.
5) Conducting a door-to-door appeal or street collection.

4. Compliance systems

The compliance system determines the way a management system:

• Learns about its compliance responsibilities;
• Ensures that employees understand these responsibilities;
• Ensures that requirements are incorporated into business processes;
• Reviews operations to ensure responsibilities are carried out and requirements
are met;
• Takes corrective action and updates materials as necessary.

A compliance system will help Charity-Care manage risks associated with changing
the services offered and with the enactment of new legislation to address developments
in the workplace. On the other hand, failing to comply with consumer protection laws may
result in litigation, monetary penalties, and other formal enforcement actions that
may harm Charity-Care.

An effective compliance system is comprised of three interdependent elements:

1) Board and management supervision

The Board of Directors is responsible for developing and directing a Compliance
Management System that assures that federal consumer protection laws and regulations
are being enforced the right way. Its components are:

• Compliance office
• Compliance committee

2) Compliance program

The written program represents an essential source document that will serve as a
training and reference tool for all employees. A well planned, implemented, and
maintained compliance program will prevent or reduce regulatory violations and
ultimately provide cost efficiencies. Its components are:

• Policies and procedures
• Training
• Monitoring
• Consumer complaint response

3) Compliance audit

A compliance audit is an independent review of an institution’s compliance with
consumer protection laws and regulations and adherence to internal policies and
procedures. The audit helps management ensure ongoing compliance and identify
compliance risk conditions. It complements the institution’s internal monitoring
system. The Board should determine the scope of an audit, and the frequency with
which audits are conducted. Its components are:

• Scope of the audit (including departments, infringements, product and services and
third-party relationships reviewed)
• Identified issues and modifications that need to be done
• Number of transactions
• Descriptions of corrective actions and time frames for correction

Charity-Care – Written reflection

In order to develop the research plan, the following research was undertaken:

- Research internal and external compliance requirements
- Information security and risk management
- Analyze qualitative and quantitative information to evaluate compliance
management options
- Prepare a report for senior management identifying an appropriate
compliance system for the organization.

When developing the research plan, a table containing the action, timeframe and budget
was developed, as can be seen below:

| Plan | Description | Timeframe | Budget |
|---|---|---|---|
| Information gathering | Internal compliance information gathering; external compliance requirements gathering. | Instant implementation | $10,000 |
| Information security and risk management | Providing structure for management of risks and also increasing overall awareness of risk throughout the company and ensuring that managers can better identify, assess and control risks within their areas. | Three (3) weeks | Following expenses policy |
| Information analysis | Analyze qualitative and quantitative information; evaluate the compliance management measurements. | Within four (4) weeks | $5,000 |

Development of a survey tool to collect data for selecting a compliance system:

• Compliance programs must be relevant and proportionate to the importance of
their desired outcomes.
• Programs to verify compliance must, therefore, be efficient and proportionate
to members’ costs and burden, without compromising desired outcomes.
• Costs of ensuring compliance must be proportionate to the benefits of
compliance.
• Review reports related to compliance systems, legislative changes and
compliance breaches.
• Review the results of the training programs that have been developed.

Analysis of qualitative and quantitative data:

| Data type | Collection | Analysis |
|---|---|---|
| Qualitative data | Surveys; observations | Simple graphs to show the data through tests of correlations between two or more items; cluster analysis, useful for identifying relationships between groups of subjects where there is no obvious hypothesis. |
| Quantitative data | Interviews; focus groups; postcards; observations | Structuring and coding the data into groups and themes. The best way to work out which ones are right for your research is to discuss it with academic colleagues. |
