What small businesses need to know about compliance
When you’re running a small business, governance, risk and compliance (GRC) may seem like something for large organizations with dedicated risk and compliance departments. Yet the reality is that, as a smaller business, you still have plenty of compliance obligations to meet, with fewer staff to help you manage them. The good news is that the right tools can help make them manageable – and even increase the value of your business along the way.
By Ansarada, Fri Apr 22 2022. Categories: CEO-CFO, Governance Risk and Compliance
Why do you need a GRC system?
If your business has risks to manage, then you need to think about a GRC system.
A GRC system helps you identify and mitigate risks before they become a problem. It ensures your staff operate ethically, limiting your exposure to risky behaviours that can lead to expensive breaches and penalties.
Done well, your GRC system brings clarity to your business. In contrast, a poorly considered system can end up adding to your workload while consuming valuable time and money.
The first step is to understand that GRC isn’t a one-off activity. Instead, it’s a framework that needs to be woven into the fabric of how your business operates, generating important compliance data to guide day-to-day decision making, right across your business.
The next step is to think carefully about the key risks you need to manage. Here are six common risk areas to consider.
1. Protecting customer privacy
There are a growing number of international laws, including the EU’s General Data Protection Regulation (GDPR), that regulate the management of people’s personal information. In Australia, the Corporations Act specifies who can be contacted and for what – particularly the anti-hawking and anti-spam provisions. Running afoul of the Act can result in stiff penalties and fines.
Processes and controls can ensure data security and limit your risk. They can be deployed across your business, or focus on specific, high-risk areas like Marketing and IT.
2. Meeting your obligations to your staff
Human resources is a sensitive area that carries significant legal requirements. Mismanaging it, even by accident, can leave a business liable. Yet managing complex awards and contracts, including legacy agreements, can be challenging. You need to ensure that you are providing mandatory minimum benefits, including payroll and superannuation contributions – backed by robust documentation.
Outdated legacy HR technology systems can make hiring and dismissing employees more complicated. A GRC strategy gives you greater visibility and helps to limit your risk.
3. Complying with your industry's licence conditions and regulations
Many industries have specific regulatory frameworks, governing everything from food quality and hygiene to building standards. Ensuring your data is easy to understand and analyze helps you when you report to the relevant agencies, protecting you from legal risk. Tracking your licences and permits – along with their expiration dates – prevents key person risk resting on the employee with custody of the dates and passwords.
4. Keeping on top of your taxes and reporting
Complying with various tax requirements can quickly become overwhelming. GRC software can help you track your key dates and your taxes by type, from payroll tax to fringe benefits. It can also help support your record keeping so that you can meet your obligations.
5. Ensuring workplace health and safety
You are responsible for providing a healthy and safe work environment for both your employees and anyone who comes into contact with your organization, including customers, contractors and suppliers. Tracking incidents can help you understand unsafe or potentially problematic areas of your business. Addressing these can limit future liability. And administering workers compensation policies is essential in the event of anyone becoming ill or injured in your workplace.