[eBook] How to Create an Effective Compliance Blueprint

By Miriam Konradsen Ayed

Building a comprehensive structure for your compliance program is essential to effectively and efficiently mitigate risk. And while risks vary from one company to another based on industry, location, and partners – thereby disqualifying any one-size-fits-all compliance program – the underlying structure of a program can, to a reasonable extent, be broken down into a set of components.

To help you navigate the complexities of each of these components, we created A Blueprint for an Effective Compliance Program. Let this be your guide to understanding key components of a successful compliance program, while also explaining how each process can be tailored to respond to the specific needs of your company. Whether you are building a compliance program from scratch or looking to benchmark your current one, this blueprint can help optimize your compliance program.

To give you a preview of the guide, here are the seven main components all compliance programs should address:

  1. Risk Assessment
  2. Policies and Code of Conduct
  3. Exception Requests for Gifts & Entertainment
  4. Training
  5. Due Diligence
  6. Hotline & Case Management
  7. Reporting & Monitoring

Risk Assessment

Performing risk assessments can prove to be a difficult art to master. Yet, risk assessments are the first and most important step in the process of building a compliance program. If your program is addressing the wrong risks, no amount of internal control will be successful in detecting or preventing offenses.

Policies and Code of Conduct

As risks change, the need to create policies will always be present. It is therefore essential that CCOs can systemize the creation and adoption of these policies. A Blueprint for an Effective Compliance Program highlights the common traits of a compliance policy that engages your employees.

Exception Requests

While procedures instruct employees on how to mitigate risks, once these policies meet the real world, exception requests are likely to follow. Some of the areas where exception requests are most needed are gifts and hospitality. Ensure you have an established mechanism to allow for exception requests.


Training

Without effective training, policies and procedures are reduced to nothing more than a pile of papers. Training programs have to cater to the targeted audience, and technology can help automate the delivery of training programs to employee groups. Check out the guide to see common traits of an effective compliance training program.

Due Diligence

In 2013, 90% of FCPA cases were third-party related. Rogue third parties pose the single greatest risk to a company. It is essential for companies to mitigate risks by conducting robust third-party due diligence. The guide provides in-depth insight into how to internally assess third-party risk, conduct external due diligence on the third party, and handle the post-approval of third parties.

Case Management

Case management can bring a disciplined approach to tracking issues from the moment they arise to their conclusion. This process allows the CCO to juggle multiple allegations, inquiries, and investigations all at the same time. While a whistleblower hotline is the most common example of case management, all systems should establish an effective intake system that allows employees to submit a complaint.

Reporting and Monitoring

A robust reporting system needs to provide the CCO with a complete picture of all activity. The ideal is continuous monitoring, where the flow of data is constant and human intervention is minimal. The goal is to simplify your reporting and monitoring processes and reduce the chance of manual error.

Take Your Compliance Program to the Next Level

Download your copy of A Blueprint for an Effective Compliance Program today to gain insight into how to: conduct a risk assessment, handle case management, and support your compliance program with monitoring and reporting systems. By elevating your team to a more strategic position, compliance can be viewed as a critical business partner rather than a crisis intervention team.
