Compliance Assessment & Testing Process
ICP Risk-Ranked 5-Year Plan
- We developed and implemented a Five Year Compliance Assessment and Testing Plan to help us schedule and review key compliance areas at both Campus and JPL. Annually, this plan is reviewed and updated to incorporate infomation gathered throughout the year. We consider any changes to the Campus and JPL compliance environment, regulatory updates, and scheduled external reviews that may impact certain compliance areas.
Assessment & Testing
- For each key compliance area, we work with key personnel to complete the Compliance Assessment Template. The Compliance Assessment Template helps establish a baseline understanding of the compliance framework that is in place for each compliance area. The eight areas covered within the Compliance Assessment Template include:
- Identification of key process owners, compliance risks, and applicability. This area helps us identify and understand current processes and relationships, key compliance risks, and the personnel impacted by the compliance area.
- Identification of key regulations and compliance requirements. This area helps us identify and understand the key regulations and complinace requirements affecting the compliance area.
- Identification of key reporting requirements. This area helps us identify and understand key federal, state, and local reporting requirements and associated deadlines.
- Identification of key periodic reviews by external agencies or organizations. This area helps us identify and understand the regulatory agencies and entities that may review the area and the frequency of their reviews.
- Identification of internal policies and procedures incorporating key regulations and compliance requirements. This area helps us identify and understand the internal processes developed to ensure that key regulations and compliance requirements are met. As part of our testing we compare internal policies and procedures with key regulations and compliance requirements to ensure the information is current, roles and responsibilties are clearly defined, and key processes are described emphasizing compliance controls.
- Identification of monitoring activities to ensure complaince with key regulations and complaince requirements. This area further helps us identify and understand the monitoring processes developed to ensure that key regulations and compliance requirements are met. Monitoring processes may include activities such as on-site inspections, visual observation, management and supervisory review of data, etc. As part of our testing, we assess that these processes are implemented as described by management, including physical site visits and interviews with personnel responsible for compliance.
- Identification of training for complaince with key regulations and compliance requirements. This area helps us identify and understand the types of job responsibilities and associated types of required training needed. As part of our testing, we review that training materials are current and are relevant to regulatory requirements. We also review a small sample of personnel to ensure completion of training and record of that training is on file.
- Identification of key metrics used to evaluate adherance to key regulations and compliance requirements. This area helps us identify and understand how management utilizes compliance metrics and whether they are used to enhance compliance controls.
On-Going Management Actions
- During the complaince assessment and testing process, we may identify gaps, or areas that can be enhanced or strengthened to ensure compliance with key regulations and compliance requirements. All gaps require management to provide us with reasonable corrective action dates. We track all gaps to completion and follow-up with management at the designated due dates to determine whether the corrective actions are closed.