There is a close relationship between compliance and business process management. Being compliant means having business
processes that are compliant! Becoming compliant is more of a future state activity than a current state one. Within this
activity one should make an inventory of applicable rules, regulations etc. and determine to what extent the current
business processes are already compliant (or, put negatively, determine the gap). This serves mainly as input for the
future state.
• Process flows and descriptions:
o Model and describe compliance processes (testing, reporting, et cetera).
Steps
Preparation
• Participants: risk manager (or equivalent), legal, compliance officer (if in place) and the process owners
Input
• Information pack
• Process flow diagram
• Risk policy document
• Applicable regulations
• Company regulations
Execution
• Determine the current risks and controls that have been identified and implemented in the business processes. The
applicable rules and regulations should be taken into account and implemented in the processes as well. The consultant
documents this in the process flow diagram and the business control chart.
• Furthermore, the risks, occurrence, impact and probability should be captured and controlled.
Output
• Risk assessment
• Applicable rules and regulations that need to be implemented