Sustainability & Risk / Compliance
Understanding Compliance Levels
Although entering compliance levels is optional, this information is a key piece of background data. Compliance levels describe the degree of compliance that a compliance program, requirement, contract, contract term, or location has achieved by assigning the compliance level a numeric value. Having this information enables you to evaluate the compliance items that put your organization at the greatest risk of noncompliance, and to track the progress of programs, requirements, and locations in achieving compliance.
Compliance Levels
You can associate compliance levels with compliance programs, requirements, contracts, contract terms, and locations. It takes more effort to update information at the contract term, requirement, and location levels, but doing so enables you to perform more detailed analysis. For example, if you want to be able to evaluate locations by their compliance level, you will need to enter and routinely re-evaluate compliance levels for your locations. You will be able to generate the Compliance Program Counts by Compliance Level and Location report to do this analysis.
A guideline for getting started might be, for critical compliance programs and contracts, consider updating compliance levels at the requirement and contract level, and/or the location level. For less critical programs, update only at the program or contract level.
How the Compliance Level Is Determined
Since the application provides many algorithms to calculate compliance level based on whatever information is available, you can choose to track compliance levels at any combination of levels. The approach can vary between different programs and contracts. The more data you provide, the more accurate the compliance level charts will be.
There are multiple reports and charts that present your data broken down by compliance level. The following describes how the application uses the compliance level information you have entered.
- Overall, for reports, if you do not enter a contract term or requirement’s compliance level, it is assumed to be the same as the level of the program or contract. If you do not enter a location’s compliance level, it is assumed to be the compliance level of the requirement, contract term, contract, or program it is associated with.
- For charts, when a program’s or contract's compliance level is not entered, it is calculated as the average compliance level of its locations; otherwise, if a program or contract has no locations or the locations have no compliance level, it is calculated as the average compliance level of its requirements or contract terms.
- For charts, when a requirement or contract term does not have a compliance level, it is calculated as the average compliance level of its locations; otherwise, if a requirement or contract term has no locations or the locations have no compliance level, it is assumed to be its program’s or contract's calculated compliance level.
Note: If you change the Compliance Levels provided in the HQ and Schema databases, you must make sure that there are no gaps in the level number sequence for all records in the Compliance Levels (regcomplevel) table. For example, if you use only three levels, make sure they are consecutive (0,1,2) (3,4,5), not (0, 3, 6). The workflow rule that calculates average compliance levels requires that compliance levels have no gaps.
Example of Tracking Compliance Levels
For example, suppose a program has five requirements, and you choose to track compliance level only at the requirement level. The application computes the program’s compliance level for analysis only (that is, the value is not stored in the Compliance Levels regprogram.comp_level
table) by taking the average of the compliance levels of the five requirements. This method might suit your needs, but if some requirements have greater weight, subjectively, than others, using the average would not be the best reflection of a program’s compliance level. In that case, you should directly update the program’s compliance level by regularly evaluating how the requirements are doing.