Reporting Lines Workshop

18-05-2022 12:00PM 18-05-2022 1:30PM
Online, New South Wales, Australia

Please note you must be GRCI Alumni (Associate, CCRP, CCRP Fellow) to participate in this Workshop. No registration cost applies. For any questions please email

GRCI would like to invite our Alumni to attend a workshop to finalise a resource for our members to understand and mitigate against the unintended risks that can arise from particular organisational structures – specifically the functions into which compliance might report if the CCO does not have direct Board and CEO access themselves. 

Over the course of the development of the organisational understanding of the second line compliance function, there have been a variety of interpretations of best where to ‘put’ it in the scheme of things. Quite often the questions are ones that assume that compliance is a sub function of another second line function: Is it part of risk? Legal? Operations? 
Whilst it is absolutely true that second line functions need to work cooperatively, closely and openly, this does not automatically mean that the compliance function itself should work essentially within or underneath another function, unless there are robust structures in place to ensure that there are no unintended consequences that may arise to potentially dilute the voice and reporting of compliance. 
This is not to say that these kinds of reporting lines cannot work very effectively, but, here at GRCI we have also heard many stories of it being a specific impediment to clear communication through to the board, restriction of resources and important compliance matters becoming internal political fodder.  
Interestingly, the international committee that worked on the ISO had similar observations in their practice and strongly supported the inclusion in the Compliance Standard 37301 for compliance to have independent reporting through to the board as a norm. 
There has been a strong working party developing a thought leadership paper on this particular issue over the past nine months and we would like to bring to a completion a clear resource for members that provides a few purposes: 
Objective consideration of the potential risks and benefits of each reporting line 
Suggestions for how you may need to mitigate or action if any of these risks arise 
How you might make a case for changing the reporting line structure if you feel the risks are unable to be managed 
Continuing engagement and profession wide leadership on this topic. GRCI strongly believes that compliance should be actively engaging in these decisions and leading this debate. 

The purpose of the workshop is to: 
Review the resource 
Calibrate and verify the risk assumptions made 
Add any risks we have not thought of already 
Consider the mitigation strategies and add input 
Add any other material that will be of value 

The broad Agenda for the workshop: 
  • Quick review of purpose and intent 
  • Review of content 
  • Opportunity to workshop each model in break out groups 
  • Reconvene to add in ideas and material 

Final resource: 
The draft will be updated and published following this workshop. 
GRCI is also conducting a corporate survey to gain broader profession insights. 
This resource will be reviewed annually to update any incoming models and reflect changes in practice. 

Please click here to download the Compliance Reporting Models.
We invite all GRCI Alumni to attend (it’s free!) to keep up to date with these developments and to give back to your profession in a way that benefits you and your organisation directly.