ISO 19600 is an international standard issued by the International Organization for Standardization (ISO) that aims at supporting organizations worldwide in introducing good compliance measures and maintaining integrity. The standard was published in December 2014 and has received both praise and criticism, but no in-depth analysis of its effectiveness. This paper sets out to further analyze the approach offered by ISO 19600 towards compliance. It is intended to assist cooperations in their decision whether or not to use ISO 19600 as their sole or main resource in implementing good compliance measures within their organization. The research question of this thesis could thus be stated as follows:
How effective are the measures suggested by ISO 19600 in ensuring good compliance in a cooperation?
The term "effectiveness" is defined by the Oxford dictionary as "[t]he degree to which something is successful in producing a desired result". Therefore, this thesis is going to analyze the degree to which ISO 19600 is successful in producing the desired result of preventing compliance violations in cooperations.
The research is based on findings of studies on compliance as well as the suggestions in popular literature on the topic and opinions voiced by various economists and organizations upon the release of ISO 19600 itself. By comparing those with the suggestions made in ISO 19600 it is possible to assess the standard’s potential effectiveness when it is utilized by a cooperation.
Note that ISO 19600 is aimed at all kinds of organizations including non-profit organizations and governmental institutions. The focus of this thesis lies on private, profit-driven enterprises, but most of the thesis’ findings apply to other types of organizations as well.
Table of contents
1. Introduction
2. Theoretical framework
2.1. About compliance
Defining "compliance"
The importance of compliance
The causes of compliance violations
Why introduce a Compliance Management System?
2.2. About ISO 19600
Structure and function of ISO 19600
How other compliance standards and guidelines compare to ISO 19600
Why utilize ISO 19600?
3. Analysis of ISO 19600
3.1. Applicability and summary of ISO 19600
Context of the organization
Leadership
Planning
Support
Operation
Performance evaluation
Improvement
3.2. Analyzing the approach of ISO 19600 on selected topics
Risk management
Compliance culture and leadership commitment
Training
Noncompliance
3.3. The weaknesses of ISO 19600
4. Summary and advice for cooperations utilizing ISO 19600
5. Conclusion and prospects
Objectives and Topics
This thesis examines the effectiveness of the ISO 19600 international standard in preventing compliance violations within private, profit-driven enterprises. By contrasting the standard's guidelines with empirical data, industry literature, and expert opinion, the research evaluates whether ISO 19600 provides a sufficient framework for organizations to mitigate compliance risks and foster a culture of integrity.
- The role and definition of compliance management in modern organizations.
- A detailed functional analysis of ISO 19600 and its "high-level structure."
- The impact of organizational compliance culture and leadership commitment.
- Critical examination of risk management, training protocols, and noncompliance handling.
- Evaluation of the standard's strengths and weaknesses regarding scalability and depth.
Excerpt from the Book
Risk management
The management of compliance risk is primarily covered in two of ISO 19600’s chapters - chapter 4.6 "Identification, analysis and evaluation of compliance risks" and chapter 6.1 "Actions to address compliance risks". According to the standard, risk management is of pivotal importance as it states "[c]ompliance risk assessment constitutes the basis for the implementation of the Compliance Management System and the planned allocation of appropriate and adequate resources and processes to manage identified compliance risks".
The standard further defines risk as a positive or negative deviation from the expected (effect) when there is a complete or partial deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood (uncertainty) on objectives. It is often expressed in terms of the consequences of an event. According to Fissenewert, risks might have long-term or short-term consequences and can be caused through internal processes or externally through competition and changes in technology or legal regulations.
By encouraging the introduction of a coherent Compliance Management System ISO 19600 takes the generally accepted "Enterprise-Wide Risk Management" approach as opposed to traditional risk management which addresses risks on a one-on-one basis and is thus quite ineffective. Instead of addressing one risk at a time the standard’s proposed risk management system includes the process of identifying all potential compliance risks at once and taking action accordingly as well as a regular re-assessment of risks. Risk management could thus be defined as the process of identifying, analyzing and evaluating risks to plan and implement actions to address those risks. Compliance risk management is risk management to specifically address risks that can jeopardize compliance, and can be seen as one part of a risk management system of an organization that addresses all kinds of risk.
Summary of Chapters
1. Introduction: This chapter defines the scope and research question, aiming to analyze the effectiveness of ISO 19600 in preventing compliance violations within cooperations.
2. Theoretical framework: This section provides foundational definitions of compliance and compliance management, outlines the structure of ISO 19600, and compares it with other global standards.
3. Analysis of ISO 19600: This central chapter provides a practical application example via an imaginary company and evaluates specific core topics, including risk management, culture, training, and handling of noncompliance.
4. Summary and advice for cooperations utilizing ISO 19600: This chapter synthesizes key findings and provides actionable recommendations for organizations looking to implement the standard effectively.
5. Conclusion and prospects: The concluding section summarizes the overall effectiveness of ISO 19600, acknowledges its limitations regarding depth, and suggests areas for future research.
Keywords
ISO 19600, Compliance Management System, CMS, Risk Management, Corporate Governance, Compliance Culture, Leadership Commitment, Noncompliance, Fraud Prevention, Whistleblowing, Business Integrity, Regulatory Compliance, Compliance Training, Enterprise Risk Management, Internal Controls.
Frequently Asked Questions
What is the primary purpose of this thesis?
The research aims to evaluate how effective the ISO 19600 standard is at preventing compliance violations and ensuring integrity within private, profit-driven cooperations.
What are the core thematic areas discussed in the work?
The thesis focuses on the functional structure of ISO 19600, the importance of leadership commitment, the role of corporate culture, risk assessment methodologies, and the management of noncompliance.
What is the central research question?
The research seeks to answer: "How effective are the measures suggested by ISO 19600 in ensuring good compliance in a cooperation?"
What scientific methodology is utilized?
The study employs a qualitative approach, analyzing the ISO 19600 standard against empirical findings from studies (such as those by KPMG and EY), relevant academic literature, and expert industry opinions.
What does the main analytical part of the book cover?
It provides an in-depth breakdown of the standard, using a case study of an imaginary company to demonstrate implementation, followed by critical thematic analysis of specific chapters like Risk Management and Training.
Which keywords best characterize the thesis?
Key terms include ISO 19600, Compliance Management System, Corporate Governance, Risk Management, Compliance Culture, and Integrity.
Is ISO 19600 sufficient as a standalone resource?
The thesis concludes that while it provides an excellent framework, the standard lacks sufficient depth and should be supplemented with additional literature specific to the organization's size, industry, and country of operation.
How does the standard approach the "human element" of compliance?
The author emphasizes that compliance is deeply linked to human behavior, arguing that training and cultural efforts must address the individual's "willingness" and integrity, rather than just forcing rules.
- Cite this work
- Lisa Sachse (Author), 2017, The effectiveness of ISO 19600 in preventing compliance violations in cooperations, München, GRIN Verlag, https://www.grin.com/document/446820