Introducing new corrective actions

This workshop covered:

• Explaining the thinking behind the new approach to corrective actions
• A walk-through of the new corrective actions process
• A hands-on training workshop

In this article, we give you a recap of the thinking behind the new approach to corrective actions and a high-level walk-through of the new process.  

We’ll have to be honest here and tell you that it is taking longer than we’d hoped to get the new corrective actions module finalised and released (yes, very surprising for a software development project!!).  

We are hoping to release the new corrective actions before the end of January and will let you know as soon as we are sure of a release date, together with details of a roll-out plan and webinar.

The thinking behind the new approach to corrective actions

There are 3 main drivers behind ComplyWith’s new corrective actions module: 

1. Customer feedback: The key theme of customer feedback was the desire for greater flexibility in the creation and management of corrective actions. This included the ability to do the following things:  
   • To easily change the ‘owner’ of a corrective action.
   • To associate multiple non-compliance responses into a single corrective action, or create multiple corrective actions from a single non-compliance response.
   • To assign a ‘priority’ to a corrective action and to assign different update timing requirements to different corrective actions.
   • To improve reporting on corrective actions for leadership and governance.
2. A move away from the auto-creation of corrective actions: Experience has shown that not all non-compliance responses should give rise to a corrective action. This results in too many unnecessary corrective actions, which diverts focus from what really matters. The new approach to corrective actions reflects a more considered, and ultimately much more robust and valuable, approach to the creation, management and reporting of corrective actions.  
3. Evolving best practice: An increased focus on the proactive management, resolution and reporting of corrective actions has come from several sources, including:  
   • Feedback from our interactions with chief executives, and audit and risk committee chairs and members;
   • Comments by the Judge in the recent high-profile health and safety court cases, MaritimeNZ v Gibson (former CEO of Ports of Auckland)  
   • Regulator guidance and expectations  
   • ISO standards, including: ISO 27001 Information security: ISO 45001 Health and safety, and ISO 14001 Environmental management.  

The new corrective actions process - a high-level introduction

At the heart of the new corrective actions process is the new step of reviewing the non-compliance responses from a Legal Compliance Survey and determining whether: 

• A new corrective action should be created, or
• That non-compliance should be added to an existing corrective action, or
• No further action is required for that response, with the reason for not taking any further action being captured (for example, this could be because the response was not really a ‘non-compliance’ at all, or the matter has since been resolved).  

Other features of the new process include:  

• Multiple non-compliance responses can be associated with a single corrective action, or a single non-compliance can give rise to multiple corrective actions  
• Flexibility in who is assigned to be the ‘owner’ of a corrective action, plus the ability to assign one or more ‘stakeholders’ to a corrective action, so that they can be kept informed of progress on a corrective action
• Enhanced reporting about corrective actions in both:
  • The compliance survey report  
  • New ‘update reports’ for leadership and governance.

The infographic below summarises how the new corrective actions will work: