
RISK CONTROL MATRIX - Compliances

Identifying Control Risk & Mitigation


CO. No. Control Objective Sub-Process

1 The Company has a policy in place for monitoring of various statutory compliance requirements NA
2 The company has an overall DoA Matrix and Segregation of Duties NA
3 Communications/updates are sent from time to time to the employees with regard to company policies on Compliance & updation NA
4 The Company files correct and timely statutory returns NA
5 Compliance module is updated (i.e. certain recent amendments in certain acts have been incorporated in compliance module) NA
6 All statutes applicable on the Company are included as a part of Compliance module NA
7 Details captured in compliance module for a particular statute are correct NA
8 Wrong subject matter experts are assigned for a particular statute NA
9 Auto alert system is not working properly NA
10 Reminders sent through compliance module are marked to relevant persons NA
11 Very old items are lying open in compliance module as unresolved NA
12 Level 1 employee reports the compliance done by him for further approval NA
13 Employees have access to act & compliance library of compliance module NA
14 Compliance module segregates the compliance as per impact & criticality NA

Risk No What may go wrong Type of Risk

R1 The Company does not have a policy in place for monitoring of various statutory compliance requirements Operational
R2 The company does not have an overall DoA Matrix and Segregation of Duties Operational
R3 Communication/update to the employees with regard to company policies on Compliance & updation is not effective Operational
R4 The Company is unable to file correct and timely statutory returns Financial
R5 Compliance module is not updated (i.e. certain recent amendments in certain acts have not been incorporated in compliance module) Operational
R6 Certain statutes applicable on the Company are not included as a part of Compliance module Operational
R7 Details captured in compliance module for a particular statute are not correct Operational
R8 Wrong subject matter experts are assigned for a particular statute Operational
R9 Auto alert system is not working properly Operational
R10 Reminders sent through compliance module are not marked to relevant persons Operational
R11 Very old items are lying open in compliance module as unresolved, resulting in statutory non-compliance Operational
R12 Level 1 employee does not report the compliance done by him for further approval Operational
R13 Employee does not have access to act & compliance library of compliance module Operational
R14 Compliance module does not segregate the compliance as per impact & criticality Operational

Control No Control Description

C1 Company monitors its compliance through Compliance Module. There are well-defined roles and responsibilities for the Compliance Head, Subject Matter Expert, Compliance Officer and Responsible Officer for the compliance of various statutes. The Directors also constantly monitor compliances through regular meetings and reviews.
C2 The company has ensured segregation of duties through a duly approved responsibility matrix.
C3 All Subject Matter Experts, Compliance Officers and Compliance Head communicate to respective employees the amendments and changes in law from time to time.
C4 Compliance module auto sends reminders as per levels defined in module prior to the due date of a particular return. To ensure correct filing of statutory returns, Level 1 employee prepares the returns, which are further reviewed and approved by a higher level employee as defined in module.
C5 Subject matter experts will be responsible for communicating any recent amendments or judgements of courts to CCO for updation in compliance module.
C6 Every employee of the company is responsible for informing of the probable applicability of a statute affecting his sphere of work. Only after discussion with the subject matter experts, and after understanding the intent, gravity, applicability and operational part of the statute, is it covered in compliance module.
C7 Subject matter experts will take care that the particulars captured in compliance module are correct.
C8 Management ensures fitment before assigning any particular statute to a subject matter expert.
C9 DBA team regularly monitors whether the scheduler is working fine or not. If there is any issue in the scheduler, the DBA team takes necessary action.
C10 Compliance team sends a weekly email to all the compliance officers (unit in-charge) and subject matter experts to review the pending compliance data, which contains email ids of the concerned persons. If there is any error, it is highlighted by the compliance officers / subject matter experts and corrected by the compliance team.
C11 Chief Compliance Officer/Compliance Officer/Compliance Head will regularly follow up regarding open tasks. The compliance module also sends an overdue alert mail for any open tasks, which includes the consequences of non-compliance.
C12 Level 1 employee is required to attach the proof of compliance in compliance module for further approval. The compliance module will then auto send the completion alert to level officers as defined in compliance module.
C13 Currently no employee (except CCO) has access to act & compliance library of compliance module.
C14 Compliance module has an in-built feature to segregate the compliances as per impact & criticality.

Type 1 (Manual or Automated) Type 2 (Preventive or Detective) Freq. of control

Automated Preventive Depend upon task
Automated Preventive NA
Manual Preventive Depend upon task
Manual/Automated Preventive Depend upon task
Manual Preventive Depend upon task
Manual Detective Depend upon task
Manual Preventive/Detective Depend upon task
Manual Preventive Depend upon task
Manual Preventive Daily
Manual Detective Depend upon task
Manual Preventive Depend upon task
Manual/Automated Preventive Depend upon task
NA Preventive NA
Automated Preventive Depend upon task

Control Owner Documents Reference

CCO Compliance module PPT
SOD Matrix
All Subject Matter Experts, Compliance Officers and Compliance Head communicate to respective employees
Compliance Head/Compliance Officer Auto alert reminder copy
Subject matter experts
Compliance Team
SME
Management
IT
Compliance Team
Chief Compliance Officer/Compliance Head/Compliance Officer
Chief Compliance Officer/Compliance Head/Compliance Officer Document
CCO
Compliance Module
