Copenhagen Principles and Practices Compliance

The Copenhagen Compliance® principles and Practices on Governance, Risk Management, Compliance and IT security (GRC) focus on providing competitive advantages and business benefits to Corporations, business and organizations a methodology for proactive GRC convergence to the principles.

We believe that corporations, business and organizations should work towards implementing and integrating structured compliance in all its forms. The integration includes components of governance, risk management and IT security to create business value thru practical solutions and tools to prevent the adversities of non-compliance.

Copenhagen Compliance® has customized IT solutions, templates, document etc, to provide solutions for sustainable GRC awareness. We help organizations and companies to develop, operate and explore the GRC issues to fight non compliance of GRC issues that are based on the 12 principles.

The objective of the Copenhagen Compliance GRC principles is to ensure that the client's GRC activities, financial support and staff behavior is not influenced by temptations or sleaze. We encourage you to see the merits of soft GRC components like culture, innovation, integrity and independence in your processes.

The Copenhagen Compliance® principles on Governance, Risk Management, Compliance and IT security (GRC) produces a number of relevant reports, whitepapers and monthly newsletters that are practical, straightforward and user friendly in terms of implementation of the recommendations. These recommendations should establish a position or platform for a dialog on key GRC issues with stakeholders.

By following the Copenhagen Compliance® principles on GRC, a clear signal is sent to ALL stakeholders of commitment to comply. By implementing the GRC recommendations on the principles and practices, organisations and will keep the house in order and achieve maximum beneficial use of available resources by adhering to the following;

  • Zero tolerance policy towards non-compliance extends to GRC activities in all countries.
  • Ensure that adequate resources, including staff training, are available to develop, implement and maintain GRC policies and procedures.
The 10 Copenhagen Compliance Principles on Governance, Risk Management, Compliance and IT-Security (GRC) Issues are about developing best practices and best-fit solutions that do not depend on a one-size-fits-all approach and talks into consideration that Innovation does not come in a box.
  1. Transparency. Develop a single set of global GRC standards that focus on transparent, impartial, comparable, unhindered, clear and openness in transactions and processes. All key risks are transparent and accurately determine the measures provided by an independent assessment. GRC processes must be exploratory, unifying, transparent and integrative as a decision support.
  2. Accountability. Play an active role in evaluating the efficiency and effectiveness of financial and internal control systems. The components of accountability provide increased awareness and efficiency by using a uniform approach to GRC structures and process. Data trails and IT access is for authorized personnel and any changes are tracked and detected. Information is available when users need it. Controls are based on prevention rather than detection.
  3. Commitment. Be uncompromising in execution and exceed in GRC expectations by taking advantage of change rather than reacting to it. Focus on change issues brought by disruptive forces and transform these disruptive forces into sustainable advantage. Establish customized policies and procedures that function as guiding principles to ensure alignment with strategic objectives, cross-company buy-in, and regular progress. Be aggressive, but prudent in achieving targets and goals that are most meaningful to all stakeholders.
  4. Monitor the Risk Management processes with well-defined enterprise risk procedures based on governance, compliance and IT security assessments. Focus on an integrated internal control and audit strategy more on areas and operations that are prone to risks by monitoring effective (key) high risk indicators for downstream implications of customers, suppliers, finance, operations, people, technology, risk, legal, and tax. Prepare not only for the known unknowns, but also for what happens when the (un)known arrives.
  5. IT-Security must be an integral to effective GRC assessments. Combat security issues like data/identity theft, hacking, malware thru basic IT principles and best practices to keep the systems safe. Establish complete security guidelines that help to respond to organizations' evolving business needs. Technology certainly is a key enabler. We believe true innovation requires bridging strategy with security. Execution helps make structural changes across people, processes, functions, organizational layers and to the business model.
  6. Disclosure. Establish an effective means for the public dissemination of audits, reports and relevant information including establishing a trustworthy relationship with stakeholders and media. Consider all significant internal stakeholders and regulatory regimes in the convergence effort and identify all requirements to be accommodated at the outset. Have confidence in GRC processes to create sustainable disclosures that add value, provide insights and execute assurance on data.
  7. GRC Leadership and Authority. Ensure that the tone-at-the-top provides operational support and endorsement on all GRC issues throughout the organisation. Encourage the establishment of personnel management procedures that promote diversity and maintain, and stimulate honest and qualified employees. GRC components can exercise a part of decision making process on cost rationalization and optimization of the company's risk and compliance programs.
  8. Good Governance. Enforce the right GRC codex (e.g. customized Copenhagen Compliance®) and build a governing framework around it. Create multidisciplinary and cross-functional GRC teams (capabilities include: transactions, finance, and restructuring) with the breadth and depth (specialized skills include organizational design, performance management, technology, risk management, sourcing and shared services, tax, analytics, people and change management) Realize convergence in growth strategies to improve the value of your business.
  9. Validation of GRC Processes. Streamline assessment and oversight processes that influence an extended GRC view across the organization and identify opportunities that go beyond control and compliance to cultural, organizational and process changes that benefit the organization thru people, process, and data. An IT tool or technology alone should not drive the convergence process on perceived GRC irregularities. Establish a clear change management plan and apply it throughout the program.
  10. Audit. Take steps to ensure that both internal and external auditors provide data on greater effectiveness, productivity and leverage among risk management and compliance functions. The establishment of instruction for all financial disclosure and monitor compliance as part of the ongoing audit process. Adequate level of financial and operative independence and breadth of internal and external audit reports.
  11. Ethics, integrity and independence. Gather industry experience and extensive business knowledge by using an accepted or Copenhagen Compliance® Code of Ethics and Integrity to promote codes and standards to be ahead-of-the-curve on regulation, technology, and global markets by using the ethical and integrity components and processes incorporated in the risk and compliance programs.
  12. Compliance continue work regarding fraud and corruption through international existing committees and working groups; for example, the Auditing Standards Committee will consider these issues as part of developing implementation guidance as part of a broader standard framework. Increased ability to comply with new laws and regulations.