Trojan CorporateTrojan Corporate

By Narelle Davidson

Do we have a policy and procedure for that?

Is it a policy, procedure, process or something else?

Compliance isn’t about having a policy for everything.  Compliance needs to be practical and able to be implemented. A crucial component of a solid compliance program is developing and implementing a practical policy that will help the venue met with the applicable law, standard and code.  A suitable policy that satisfies the community, member and patron expectations.  The policy should aim to promote compliance without putting an unnecessary burden on the business. 

What is a policy?

A statement, verbal or written that details the standard, belief or course of action that has been adopted or proposed by the board of directors.

What is a procedure?

Procedures detail the steps, order or manner in which tasks or actions are to be conducted. Procedures are used to show employees the correct process to be followed.   Procedures are typically lengthy and offer more detail to the employee.

What is a process?

Interrelated tasks, decisions, actions or steps that achieve a specific result.

How do we make sure that we aren’t creating another document that serves no purpose?


  1. Avoid mixing policy and procedure together.
  2. Keep it real. The policy must be practical and able to be implemented.
  3. Keep the policy current and up to date. Keep the procedures current and up to date.
  4. Use language that readers will understand and that is consistent with your venue and industry.
  5. Involve the team in policy development. This will give it credibility.
  6. Publish and communicate policy. Use formats, like noticeboards, staff newsletters, team meetings and team talks. Provide training and where appropriate publish on the club’s website.
  7. For internal policy and procedure, use an “I agree” form that the team member signs in acknowledgement of having received, read and understood the document they have been provided.
  8. Is the policy or procedure being implemented effectively? Does it need to be reviewed? Does the policy work?
  9. Maintain a policy and procedure register.
  10. Policy and procedure are best written in alignment with business strategy, vision and values.

Bonus Tip:

Ask this question: Is the issue better dealt with by a policy, process, or a procedure?

Summing up

Often the lines between policy and procedure become blurred.  It is important to make sure that policy and procedure don’t become something other than what they are intended to be. The policy should serve a bigger purpose and not be written for policy sake.  Take the time to develop, tailor and implement the appropriate solution to make sure it’s a good fit.  Make sure the solution adds value.  Trail procedures to make sure they work.  Test processes to ensure they achieve the desired results.  Use policy, procedure and process to set the standards, steps and outcomes that add value and lead your business forward.


By Narelle Davidson

Staying on top of regulatory change?

I spend a lot of time talking to managers about compliance.  A common pain is understanding legislative obligations, staying on top of and managing regulatory change.  In an industry that has a broad range of legislative obligations, this is no surprise.  Understanding compliance obligations can be a big task to get started on.  Once a start has been made it is easy to get bogged down with the complexities.  While many people have an idea of what is required to meet legislative obligations, sometimes the devil is in the detail.  The detail can be what brings everything to a grinding halt. It is important to establish risk appetite.  What is the amount and type of risk the business is prepared to accept to achieve its objectives?

A compliance risk register is a “must have” for any business

Do you have a compliance risk register?

We need to understand our legislative obligations in order to manage regulatory change.  Developing a compliance risk register is a start.  The risk register should map out the compliance obligations and document how these are being managed.  It should identify gaps and where there is potential exposure to the business.  The register will need to include any controls that are in place to manage the compliance risk.  Where a control does not exist it will need to be developed and of course implemented.  The register needs to be monitored and reviewed.

10 tips to stay on top of regulatory change

These are my top 10 tips to manage legislative obligations and stay on top of regulatory change:

  1. Create a compliance risk register.
  2. Identify current compliance risks for your business.
  3. Include current controls that are in place to manage the risk. Controls can be things like documented policy, training, review and reporting procedures.
  4. Rate the risk.
  5. Identify any gaps and any new controls that may need to be implemented. What new policies and procedures may need to be developed? Training may need to be reviewed.  What incidents have occurred in the past that may help manage the obligation now? What changes are required?
  6. Communicate changes and how the change will be implemented.
  7. What reporting (internal and to the regulator) is linked to the legislative obligations?
  8. Consider how compliance will be demonstrated.
  9. Consider how a compliance breach will be handled.
  10. Monitor changes to legislation and make updates to the register.

Once a regulatory change is known you must consider what is required to be done.  A lot of effort can be put into working out how to get around regulatory change when the effort is best put into working out what needs to be done.

How do you manage legislative obligations and regulatory change?

By Narelle Davidson

Is compliance a priority for you now?

Compliance is a cost of doing business, but is compliance a priority for you now?

Is compliance a priority for you now?  Compliance certainly has the capacity to impact the bottom line.  A business with poor compliance may not have the same capacity for growth as one with solid compliance practices. For a number of reasons, compliance may not be a priority for some businesses.  The reality is that compliance may not be allocated the same priority as other business functions, like marketing, promotions or sales.  For some, it’s boring, mundane and is someone else’s responsibility.   Perhaps there are other more important things to worry about? Compliance is probably under control….or is it?  Everything will be ok if we are doing the right thing…won’t it?

Compliance is a part of doing business and needs to be resourced appropriately.  For many, compliance has become a burden.  Although compliance may not be the most exciting area of the business it can become an even bigger burden if not given the attention it deserves. Perhaps there are other areas of the business that require attention.  However, while attention is focused elsewhere exposure could be lurking.  If compliance is not a priority now, it could become an unwanted problem in the future.

Last week I wrote about consistency over time = results.  In thinking about the goal/s we want to achieve, a culture of compliance is where the real value is.

The key is attempting to ensure future compliance.  Ted Fitzgerald

How do we ensure future compliance?

Developing a culture of compliance in the business is sure to help ensure compliance in the future.  Creating a culture of compliance is possible and essential to adding business value.

Here are some questions to ask:

  • Do we understand the compliance risk in our business?
  • Is compliance adequately resourced?
  • Do we have the necessary policy and procedures? Are the policy and procedures clear? Does the team know and understand what is required of them?
  • Has there been communication to the team about compliance expectations? How did the communication take place?  Was it effective? How do we know it was effective?
  • Have we trained our team appropriately?  Did we assess the learning? Do we have appropriate training records?
  • How do we know that the right thing is being done? Is there evidence to support that the right thing is being done?
  • What needs to happen when something is not right or a breach occurs? What do we do when matters of compliance are brought to our attention? Who will be responsible for acting on such matters? How do we know such matters have been acted upon? How do we know if the action is effective?

Take the time to ask the above questions.  Think about the answers.

How do you feel about ensuring future compliance?  Has compliance just become a priority for you?



By Narelle Davidson

Consistency = Results

Compliance opportunity #2 – Consistency = Results

Recently I was speaking with a client who said, “I finally feel that we are starting to get on top of compliance”.   Hallelujah moment for me! I calmed myself down and reinforced with this sentiment “That is so good to hear, consistency = results”.  It really was great to hear that a client (small club greater than 50, but less than 100 gaming machines) was feeling good about their compliance risk.  At that point we acknowledged this was a team result.

This made me think about the consistency = results approach.  What is this really all about?  For me, consistency is about doing something repeatedly, or in a similar way to achieve the desired outcome.  Ultimately, the result.  The result is important because if we do not get clear on what the outcome is, we will never know when we have achieved it.   We can consistently do something, making it a habit that offers no real benefit.  It’s important to get clear on what we want to achieve and why we want to achieve it.   Once we get clear on the what and why we can then start to put the pieces together.

Slow and steady wins the race or does it?

Getting results is about making the best use of the resources that you have available to you.  Resources can be limited (as my client above could give testimony to); however, when we tap into the right ones results happen.

If you do what you’ve always done, you’ll always get what you’ve always gotten” Tony Robbins

Questions to ask?

  1. What do we want to achieve? Improve compliance standards – implement a compliance management system.
  2. What stops us from getting to our compliance tasks? Obstacles – time, procrastination, suitable resources – human, financial, lack of skills and knowledge, other priorities and other risks.
  3. Why do we want to achieve improved compliance? Sleep easier, consistency, less likelihood for regulatory attention, less chance of being fined, reduced risk of litigation, protection.
  4. What is my strategy or what will be my action plan? Start allocating time. Stop putting other things in front.  Start to think about resourcing.
  5. How will this turn into a visible result? Start doing all of the above.

Obstacles will come up

I often hear “I have the best intentions to get to this, I take it home every night, but just can’t seem to get anywhere’.  It’s not surprising.  I think most would agree when we leave work for the day,  we don’t want to take it with home with us.  Working from home, social media, technology and accessibility to it make it harder than it’s ever been to switch off.  We need to get realistic and specific on the time that we can invest in achieving and, or maintaining compliance.  Don’t make this time compete with other priorities.

Obstacles can prevent us from achieving the desired outcome.  Outcomes are aligned to what we value, or what we set out to achieve.  Procrastination and time are common obstacles.   Procrastination means we put things off, avoid or delay the task.  We need realistic timeframes.  No timeframe means we “bang” away indefinitely without success.  Setting realistic goals within practical and reasonable time frames means we are more likely to achieve results. Allocating time is committing our attention. We need to make the best use of our time available.  We need to be consistently giving time to compliance.  Often our biggest obstacle is just getting started.  We need to commit and make it happen.

The key is not to prioritise what’s on your schedule but to schedule your priorities. Stephen Covey

What’s next – getting it together

Get on track.  Consider your strategy.  Sometimes the best solutions are hidden in our biggest obstacles.  Think about:

  • What do you need to do to make things happen?
  • What resources do you need?
  • The specific tasks and create an action plan.
  • The obstacles you may encounter.
  • What needs to stop happening so this objective remains the priority?
  • The end result – go back to why you’re doing this.

Once you have an action plan – start implementing it.  Start to allocate time to the task, be it daily, or weekly.  Focus on the results and getting it done.   Seems that the formula is:

Consistency Over Time = Results (COT=R)

By Narelle Davidson

Opportunity #1 – Invest in compliance resources

Opportunity #1 – Invest in compliance resources

Resourcing compliance can be costly in terms of time and budgets.  Failing to invest in compliance resources can be a liability with potential for financial loss and reputational damage.

Compliance happens when your venue meets with its obligations.  These obligations can include legislative requirements, codes of practice, standards and even venue policies and procedures.  Compliance shouldn’t be a burden; however, for many, it is. Compliance should align to the core values of the business.  Compliance is driven by leadership.  Team engagement results in compliance.

We need practical, simple and credible solutions to assist in meeting our compliance obligations.  We need systems that add value to our everyday operations.

Why invest in compliance resources?

A good compliance management system should prepare the business to meet its compliance obligations. The compliance management system should provide an accessible knowledge base and customised information for authorised team members that will help them to perform their role and meet standards to ensure compliance.

ISO 19600:2014 provides guidance on the establishment, implementation, evaluation, maintenance of an effective and responsive compliance management system.  These guidelines can help with the principles of good governance, sustainability and ensure the long-term success of your venue. Like anything, it will take time, effort and human resources of specific skills to implement this standard to your operations and procedures.

In order to manage strategic and regulatory compliance obligations as efficiently as possible, a centralised system is best.  The benefits of implementing a compliance management system can include:

  • Leadership focus
  • Improved and informed planning
  • Business support and organisational knowledge retention
  • Greater control of documented information
  • Improved operational planning and control
  • Improved communication
  • Performance evaluation
  • Continual improvement.

Investing in an implementing a centralised management system provides an organised repository for policies, procedures and practices including training, incidents and reports.   It will ensure that every team member has access, to important compliance information they need to be prepared and deliver results.

A centralised management system is a compliance resource that cannot be overlooked.


By Narelle Davidson

What is your compliance risk appetite?

How much risk is your venue prepared to adopt?  This is a great question to ask when assessing risk appetite.

It is important to take the time and understand your greatest risks and there is no time like now.  The Allianz Risk Barometer Report 2017 includes some interesting content on business risk. Page 18 of the Risk Barometer Report 2017 lists the top 10 most important business risks in the Asia-Pacific region as:

  1. Business interruption and supply chain 56%
  2. Market developments 55%
  3. Natural catastrophes 36%
  4. Macroeconomic developments 35%
  5. Cyber incident 32%
  6. Loss of reputation or brand value 26%
  7. Changes in legislation and regulation 25%
  8. Fire, explosion 20%
  9. Talent shortage, ageing workforce 14%
  10. Political risks 12%

Interesting that legislation change or regulation continues to remain in the top 10 risks; globally it sits at number 5 – 25%.  Let’s have a look what is happening locally.

WHS Risk

Fire and explosion risks rate highly, both globally and nationally, it is also a business interruption risk that has the potential for high-cost (life and financial).  There were 26 matters referred to Queensland Fire & Emergency Service as outcomes of investigation and inspections conducted on licensed premises in 2015-16.  The penalties associated with non-compliance and category 1, 2 and 3 WHS offences are considerable.

How long is it since you visited your Fire & Emergency Management Plan? 

Have you considered other emergencies like violent and aggressive patrons, or an “active shooter”,  floods and severe weather?

Liquor & Gaming risk

The recently released OLGR Annual Statistical Report 2015-2016 shows us that there was an increase in compliance inspections over three years across the state of Queensland by 20%, along with an increase of compliance investigations by 45%.   From a total of 13376 inspections and investigations conducted, 5239 of these resulted in no breach detected (approximately 39%).

Risk is also about opportunity.  Welcome news for some that the proposed 1 am lock-outs (from 1 July 2017) in venues located in Safe Night Precincts will no longer proceed.

Food Safety risk

The Gold Coast City Council has launched a “star rating” program, similar to that as implemented by the Brisbane City Council.  The program will see food businesses on the GC issued with “star ratings”.  Star ratings are issued based on an assessment of the food safety management practices in place.  The rating system is set to be in place by November 2017.

How many stars would your food premise score?

Food allergies are becoming increasingly common.  Food businesses are encouraged to have procedures or management plans in place to deal with food allergy intolerance (FAI).

Does your food safety program include FAI procedures?

AML/CTF risk

AUSTRAC have recently created a series of fact sheets aimed to dispel some myths about money laundering.  Those fact sheets may have been emailed to the AML/CTF Compliance Officer. Have them check their email box and take a look at this recent case study involving gambling services.  Consider using them as training tools with the team.

The 2016 AUSTRAC reporting period ended on 31 December 2016 and the annual compliance report is due to be lodged by 31 March 2017.

Have you lodged your 2016 annual compliance report?

What’s next?

All of the above have potential to cause reputational loss and impact on brand value.

Governance, risk and compliance are serious stuff.  This is a good reminder to consider governance, compliance and risk along with the systems that are in place to manage them. Compliance doesn’t need to be hard work; however, it does require a consistent and realistic approach.

Does your venue have a compliance and risk policy?  Are compliance and risk being managed by informed decision making?

Compliance is a function aimed to help business, not hinder. Having a compliance manager who understands the big picture is a great start.  Implementing a compliance and risk management system can add value to your business and help you manage compliance and risk appetite.

How hungry are you?

By Narelle Davidson

Compliance Culture – Ask the right questions

Ask the right questions to understand the compliance culture and employee values of your club.

So many times we hear the words compliance culture and employee values; but what do they really mean?  I read recently that “Culture is a big and somewhat vague term. Some define it as “what happens when nobody is looking.”

Culture is the attitudes, beliefs, values and customs of your venue that become the “normal”.  Culture is what attracts  people to your business over others.

Have you ever thought about asking your employees what they think about your clubs values?

Recently, I was asked to share my thoughts on six top questions to ask team members to gauge employee values. The following questions may well be an indication of what is important to me personally, based on my values.   You could start with your vision and values statement and create your own suite of questions to ask your team.

#1           I am proud to work at “company name”.

Earlier this year I spoke to a group of managers about people culture and referenced the Rolling Stones and ‘Satisfaction’. Pride is self-satisfaction, self-respect. We should feel good about ourselves and work should be part of that.

As employers we have an impact on our employee’s higher needs like belonginess, esteem and personal potential.

Our employees should be proud to work for us and we should be proud of them.

#2           I am able to make decisions affecting my work.

Being able to make decisions about things that affect us means we take responsibility for our actions. It seems that part of responsibility is linked to our own personal values and principles. It makes sense that we would want to align with people that have similar values to ourselves. This creates group cohesion. The strength of a group is fully realised when mutual positive feelings are shared between each and all its members.

To quote Aristotle:

The whole is greater than the sum of the parts.

So, when we are working together we feel better about ourselves, this can have extremely positive effect on individuals and on our business.

#3           Senior management and employees trust each other

Trust and belief in ourselves is critical. The same in others. I recently read an article that discussed what trust looked like in the workplace. The article gave the following behaviours that people identify as indicators that management is trustworthy:

  • Follow through with what they say they will do
  • Walk the talk and keep their promises
  • Actions are consistent with stated values
  • Do the right thing even when there is pressure not to do so
  • Stand behind whatever they are asking someone to do
  • Make decisions based on what’s good for the organization
  • Back employees up
  • Have faith employees can do the task without checking; don’t doubt them
  • Keep confidential information confidential.

Deceptive behaviour will not inspire trust in your people. Justin McGurgan (Raising the Barista)

#4           How important to you is it that you have a safe work environment?

Safety is a basic human right. When our safety needs are met we feel protected, have security, order, law, stability, freedom from fear.

#5           My company/ members of my work group treat customers/clients with respect.

Treating people with respect is as much about the self-esteem of others as our own. Having respect for other people helps us maintain important relationships. Positive work relationships are essential.

#6           I have confidence in the senior management team/board/executive

It has been said that confidence is a state of mind. Confidence is linked to believing in our skills, experience and ability. It makes perfect sense that our teams should have this with their leadership team.

A true leader has the confidence to stand alone. The courage to make tough decisions, and the compassion to listen to the needs of others. He does not set out to be a leader, but becomes one by the equality of his actions and the integrity of his intent. Douglas Mc Arthur

Bonus question

My absolute important question to ask

#1           I get excited about going to work.

Why wake up each day and do a job you hate….work should stimulate us if it doesn’t excite us how will we fuel the fire in others? If your staff aren’t motivated to be there, then will your customer want to be?

By Narelle Davidson

Aligning compliance culture and employee values

Compliance culture

Compliance is achieved when a wish or command is complied with by action or fact.  Culture is  commonly defined as the values, beliefs and customs of a collective group.  To ensure the success of a compliance program, the compliance culture philosophy must be embedded within.

Implementing a compliance framework alone will not ensure long term sustainability.

The Criminal Codes Act 1995 (Cwth) defines corporate culture as follows:

corporate culture means an attitude, policy, rule, course of conduct or practice existing within the body corporate generally or in the part of the body corporate in which the relevant activities takes place.

This enforces the importance of ‘tone from the top‘.  This message must unify all stakeholders to believe that they will benefit from aligning their values as declared.

It has been said that the success of a compliance program is subject to the engagement of employees. If this is the case then our relationships with our employees becomes imperative.

Employee values

As individuals we have needs, wants, values and ultimately goals we need met.   By aligning with others, who share similar purpose, we can often achieve more in collaboration than on our own.  In our employees we look for things like:

  • Accountability – responsibility.
  • Character – stable moral qualities.
  • Integrity – honesty doing what we say we will do, strong moral principles.
  • Confidence – being certain that your actions are the best and most effective.
  • Diligence – careful and persistent work or effort.
  • Competence – ability to do something successfully or efficiently.
  • Commitment – being dedicated to the cause, activity.
  • Discipline – suppression of base desires. Restraint and self control.
  • Motivation – a reason or reason for acting or behaving in a particular way.

Aligning compliance culture and employee values

We know that there must be a sharing of similar values, customs and beliefs to ensure successful relationships. Without this we are at odds. There needs to be alignment. Working towards similar goals creates benefit for all involved. With this we can achieve improved overall positioning.

With this in mind it is imperative that the message is not lost in translation. The goal of the employer employee relationship should be clear from the beginning.  The partnership should be of benefit to both parties.  Both parties should be in a better position because of the relationship than had they remained apart.

By Narelle Davidson

What are your workplace values?

Do you know what the compliance culture is like at your club?

Have you ever taken the time to ask your staff what they think or feel about the workplace values?

A few months ago I used some statistics in a presentation to club managers. The statistics I shared had been taken from various employee climate surveys. Here are some of those stats:

  • 92% of managers say they’re doing an “excellent” or “good” job managing employees; only 67% of workers agree. –Rasmussen Reports LLC for Hudson
  • 63% of those who do not feel treated with respect intend to leave within two years.
    –Sirota Survey Intelligence
  • 33% of management and 43% of non-management employees think their companies are not doing enough to deal with poor performers.
    –Sirota Survey Intelligence
  • Executives say their managers spend an average of 7 hours or more a week sorting out personality conflicts among staff members.
  • Companies with engaged workers have 6% higher net profit margins and engaged companies have five times higher shareholder returns over five years. 2012 – Kevin Kruse, What is Employee Engagement 22/06/2012.

There were three reasons that I had included the stats to the talk:

  1. Because everyone loves a good statistic
  2. To engage my audience early in the presentation.
  3. The main point – To draw attention to the importance of understanding what your employees think.

There is a lot of argument around the value of employee surveys.  Some will say that they have a good understanding of their company culture without conducting a survey. That’s not really the issue. It’s that you’ve actually taken the time to ask your team how they feel that matters. However, just asking the questions is not enough. Once you learn what it is your employees feel, you need to do something about it.

After delivering that presentation, I was asked to share my top questions to ask employees about workplace values in an employee climate survey.  I’m sure there are many fancy philosophies, theories and science that could be applied to designing such enquiry. My instincts tell me that it makes sense to ask the questions I want answers to. I do believe however, that in conducting such analysis it is important to align to some important values.  Over the next few weeks I’ll share my top questions with you.

I read this article recently about finding the right employees. I think it reinforces the point that everyone is an individual, with their own ideas, values and beliefs. This is important when considering our compliance culture and workplace values so that we seek people to align with ours.

By Narelle Davidson

What is your compliance challenge?

What is your compliance challenge?

Mistake #7  Compliance obligations may not be as well understood as thought

Starbucks recently faced this compliance challenge.

Like it or not the hospitality industry is highly regulated. It is a challenge, keeping up to date with constant regulatory change. It’s not a secret, that our customers deserve great customer service.  This requires attentive staff focused on customer needs, not researching how to apply regulatory change.

The old saying jack of all trades, master of none. The world is constantly changing and none less that our compliance obligations. It’s a challenge to keep up with regulatory change.  Remaining on top of compliance changes and being able to interpret this to practical implementation, just another compliance challenge.  Just when you feel you’re on top of it, another change is on the way. The goal posts seem to constantly shift.

Compliance challenges your team, your board and you.

Compliance Challenge – Solution:

Accept and be prepared for change. Consult and communicate with people who provide helpful, understanding and credible guidance on what the change means and how to go about it. This may be with regulators, industry bodies, specialists.  It also includes your team.

‘There is a developing danger that compliance budgets and the availability of skilled resources is not keeping pace with the level and depth of the current compliance challenges facing firms. It is not that compliance budgets are not expected to continue to rise; it is more that, increasingly, they may not be sufficient to give beleaguered compliance functions a fighting chance of dealing with the mounting challenges. High-quality compliance skills are becoming more and more sought-after and the resources assigned to risk and compliance need to reflect the cost of the experienced resources needed to deal with the perfect storm of complex regulatory developments, a less prescriptive, judgement-based style of supervision together with a significant increase in personal liability. Put simply, firms and senior managers are storing up problems for tomorrow if they limit available compliance resources today.’  COST OF COMPLIANCE 2015 (Thomson Reuters)

Ensure that the correct people are doing the job and that they have the most appropriate tools to do it. If this is beyond the team’s skill set, seek external help. To quote Red Adair: ‘if you think it’s expensive to hire a professional wait unit you see how much it costs to hire an amateur’.

What are you waiting for? The solutions are in the mistakes.

1 2 3
Do we have a policy and procedure for that?
Staying on top of regulatory change?
Is compliance a priority for you now?
Consistency = Results
Opportunity #1 – Invest in compliance resources
What is your compliance risk appetite?