top of page


A Credible Program Needs A Credible Plan

Complying with regulatory acts is not optional and ignorance of the law is not a defence. A credible compliance program will help organizations stay within the law by being aware of legal obligations and safeguarding against the risk of violating regulatory and legal boundaries.

At the same time, a credible compliance program needs a credible plan to design, build, operate, maintain, and improve over time. Creating a task list and doing the basics are not enough to establish credibility or achieve effectiveness.

In this article we take a deep dive into the Canadian [guidelines] regarding corporate compliance programs along with 5 immutable principles for program success.

Canadian Corporate Compliance Program Guidelines

Purpose of a Corporate Compliance Program

The Canadian guidelines on corporate compliance defines the purpose for a compliance program in the following way:

A good corporate compliance program helps to identify the boundaries of permissible conduct, as well as identify situations where it would be advisable to seek legal advice.

In essence a corporate compliance program keeps organizations operating within regulatory and legal lines. These lines form the basic boundaries for compliance with respect to a regulatory license to operate.

Additional obligations will come from stakeholder commitments which have more to do with a social license or at minimum; internal boundaries defined by corporate values. These will in turn create additional boundaries that go beyond the basics.

Benefits of a Corporate Compliance Program

According to the guideline, a credible and effective corporate compliance program generates three broad benefits:

  1. it signals an entity’s seriousness in tackling and addressing the legal obligations and ethical considerations facing businesses today;

  2. reduces costs of compliance by helping to clarify, for business managers and officers, the boundaries of permissible conduct as well as situations that could put their business at risk of violating the Acts; and

  3. should there be any violations of the Acts, it provides a possibility for the business to mitigate the cost of non‑compliance.

The following specific benefits may also be realized:

  • maintaining a good reputation;

  • improving a business’ ability to recruit and retain staff—a business with a reputation for compliance is likely to attract higher‑quality employees and have a better employee retention rate;

  • improving a business’ ability to attract and retain customers and suppliers who value companies that operate ethically;

  • reducing the risk of non‑compliance;

  • triggering early warnings of potentially illegal conduct;

  • allowing a business to qualify for favourable treatment in sentencing, or reducing costs related to litigation, fines, AMPs, adverse publicity and the disruption to operations resulting from an investigation and/or proceedings before the court

  • reducing the exposure of employees, management and the business to criminal or civil liability;

  • educating employees as to the appropriate course of conduct if called upon to provide evidence in the course of an inquiry or if the company is the target of such an inquiry;

  • assisting a business and its employees in their dealings with the government—for example, by identifying contraventions of the regulatory acts early enough to request immunity or leniency; and

  • increasing awareness of possible conduct in breach of regulatory acts among competitors, suppliers and customers in the market.

With respect to stakeholder obligations (internal or external) the following additional benefits may also accrue:

  • reduced impact on the environment

  • safer work environment

  • greater data protection and privacy

  • increased legitimacy

  • greater stakeholder value

  • greater trust

Basic Requirements for a Corporate Compliance Program

A credible and effective compliance program is one that addresses the risk profile of the business taking into account its resources and activities. In all cases a compliance program should have these seven basic elements as described in the guideline:

  • Management Commitment and Support – Management's clear, continuous and unequivocal commitment and support is the foundation of a credible and effective corporate compliance program.

  • Risk‑based Corporate Compliance Assessment – A thorough assessment of the potential risks faced by a company will allow it to properly design compliance strategies that address those risks.

  • Corporate Compliance Policies and Procedures – A corporate compliance program should be tailored to the operations of a business and establish internal controls that reflect its risk profile.

  • Compliance Training and Communication – A credible and effective corporate compliance program includes on‑going training and communications focusing on compliance issues for staff at all levels who are in a position to potentially engage in, or be exposed to, conduct in breach of the Act.

  • Monitoring, Verification and Reporting Mechanisms – Monitoring, verification and reporting mechanisms are vital to the success of any corporate compliance program.

  • Consistent Disciplinary Procedures and Incentives for Compliance – Consistent disciplinary actions as well as appropriate compliance‑related incentive plans demonstrate the seriousness with which the business views conduct in breach of the Act and its commitment to compliance.

  • Compliance Program Evaluation – A program’s ability to deliver its core objective must continuously be assessed. It is also necessary to monitor new developments regarding the Acts and business activities to determine their impact on the program.

However, to realize the broader set of compliance benefits organizations will need to go beyond these basic requirements.

A Credible Program Needs a Credible Plan

Instead of doing the basics, organizations should do what is essential to realize compliance benefits and contend with operational risk.

A credible and effective program with needed capabilities to achieve and sustain the outcome of compliance evidenced by realized benefits requires a credible plan.

Operational Compliance Model

Programs at an operational level manage systems and processes that achieve compliance objectives. These systems are social-technical in nature and objectives will vary in type and performance requirements. This all happens in the presence of uncertainty and may itself be subject to internal standards and guidelines.

The following are 5 immutable principles of program success adapted from Glen Alleman’s ([Five Immutable Principles of Project Success]).




​1. Define what compliance looks like.

  • Where are we heading?

  • What are our goals and targets?

  • What are our obligations & promises?

  • How will we know when we are in compliance and when we are not?

  • Program Scope & Context

  • Obligations / Promises Register

  • Concept of Operations

​2. Create plan to realize and sustain compliance.

  • ​How will we meet all our obligations?

  • How will we keep all our promises?

  • How will we always stay between the lines?

  • How will we manage change?

  • How will we improve?

  • ​Integrated Master Plan & Schedule (IMPS)

3. Resource the plan.

  • ​Do we have enough resources (people, technology, knowledge, capabilities, capacity etc.) to satisfy the plan?

  • Program Resource Plan

4. Estimate and handle uncertainty.

  • ​What impediments or opportunities will we encounter?

  • What could go wrong?

  • What needs to go right?

  • How will we recover when boundaries are breached?

  • What is the nature of uncertainty (aleatory, epistemic, ontological, etc.)

  • What is our risk appetite?

  • What is our risk tolerance?

  • Risk and Opportunity Register

  • Risk-adjusted IMPS

  • Risk Management Plan

5. Measure progress.

  • ​How will success be measured? (MoE)

  • How will performance be measured? (MoP)

  • How will conformance be measured? (MoC)

  • How will risk be measured? (MoR)

  • Benefits realized

  • Outcomes advanced

  • Risk ameliorated

Following these principles has proven to increase the probability of success across all domains by helping organizations develop and execute credible program / project plans.




Become a Member

Lean Compliance Member



Every month

Access to Exclusive Resources and Programs

Valid until canceled

Access to Recorded Webinars

Access to Exclusive Content (worksheets, templates, etc.)

Access to Exclusive Articles

Access to Exclusive Resources

Access to Elevate Compliance Huddle Worksheets and Content

50% Off First Compliance Consultation ($225 value)

Elevate Compliance Huddle

Mondays @ Noon on Zoom (weekly)

Elevate Compliance Huddle / Free Online Session

bottom of page