Key facts

  • DIN ISO 37301 describes requirements for an effective compliance management system. As guideline and basic standard, it gives clear directives for companies regardless of size.
  • The new standard replaces the ISO 19600 and can be certified directly as a Type A standard.
  • The importance of the certification brings with it decisive advantages at national and international level.

The importance of compliance in companies has been growing for years. Companies face increasing national and international regulations and compliance requirements. This leads to implementations of Compliance Management Systems (CMS).

Germany was leading this development and has introduced long ago the audit standard PS 980 developed by the Institut der Wirtschaftsprüfer (IDW  - Institute of Public Auditors in Germany) which contains principles for auditing compliance management systems and is directed to German auditors.

The new DIN ISO 37301 standard describes similar requirements for an effective compliance management system. As guideline and basic standard, it gives clear directives for companies regardless of size. The new standard replaces the ISO 19600 and can be certified directly as a Type A standard.

International importance of certifications

The certification of management systems in line with international standards generates higher commonalities in implementing compliance rules. Liability and reputation risks are reduced. What is more, confidence in your company is enhanced on the international market and in the public sphere. 

Further advantages of successful certification include an increase in the effectiveness and the optimisation of compliance-relevant processes. What is more, certification provides evidence to the supervisory and public prosecution authorities and offers security both for the management as well as employees and stakeholders. In addition, demonstrating a functioning CMS can create advantages in tenders and in the selection as a supplier. 

Large and small companies benefit equally from certification in line with ISO 37301. The standard expressly includes the note that it is suitable for companies regardless of the size, type and nature of the activity as well as whether the organisation is from the public or the private sector.

ISO 37301 as guideline and assistance for successful implementation of a CMS

As with its predecessor ISO 19600, the ISO 37301 contains specifications and well as directives for setting up, developing, implementing, assessing, maintaining and improving an effective CMS. Quite deliberately the specifications and practical tips of ISO 37301 have been selected on a flexible basis so that an effective CMS can be implemented regardless of the specific organisation.

At the same time, it makes it possible to implement the CMS separately from systems already in place at the company. However, it is recommended to integrate it into existing management systems such as risk, quality or anti-corruption management systems. 

There are various project approaches for using the ISO standard. For example, in the context of a readiness assessment, the status of the CMS can be checked in respect to the requirements of ISO 37301. In a transparent fashion this shows the appropriateness, the implementation and the effectiveness of the CMS.

On this basis, weaknesses can be identified and the necessary steps and required adjustments documented in a roadmap to implement a CMS which can be certified. Once all criteria named in ISO 37301 are satisfied, the CMS can be certified in line with the standard and a corresponding certificate provided.

Conclusion

It is true that implementing ISO 37301 is voluntary, but the advantages of certification clearly preponderate. Reasons for expressly recommending certification to all companies:

  • relevance in court cases and in establishing trust between (international) business partners,
  • flexibility in applying the standard,
  • creating transparency in reference to improvement potential and risks.

As market leader in the area of IDW PS 980 audits and as accredited certification body for ISO standards, KPMG has the necessary expertise to provide you optimum support.