Align organizational objectives with compliance objectives in the decision-making criteria.

CONTROL ID: 12847
CONTROL TYPE: Process or Activity
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a decision management strategy., CC ID: 06913

There are no implementation support Controls.

SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • document the decision-making processes underlying the organization's sustainability reporting in a way that allows for the examination of the key decisions and processes, such as the process of determining material topics; (Verifiability Guidance ¶ 2 Bullet 2, GRI 1: Foundation 2021)
  • Objectives should be consistent with the decision making criteria set for acceptable levels of residual risk, performance, and compliance in light of the stated mission, vision, and values and the frame of reference. (OCEG GRC Capability Model, v. 3.0, A2.1 Apply Decision-Making Criteria, OCEG GRC Capability Model, v 3.0)
  • senior decision-makers and the opportunity to contribute early in the decision-making processes; (§ 5.3.3 ¶ 1 d) 3) Bullet 1, ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
  • the authority and capacity to execute countervailing power, by showing any consequences for compliance in relevant decision-making processes; (§ 5.3.3 ¶ 1 d) 4), ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
  • The organization should establish its compliance management system objectives at relevant functions and levels. (§ 6.2 ¶ 1, ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
  • aligning the organization's commitment to compliance to its values, objectives and strategy in order to position compliance appropriately; (§ 7.3.2.2 ¶ 1 a), ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
  • ensuring that operational objectives and targets do not compromise compliant behaviour. (§ 7.3.2.2 ¶ 1 i), ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
  • steer the organization such that its decision-making and activities are consistent with the organizational purpose, organizational values and governance policies, including considering how stakeholders can report a breach in behaviour (e.g. via whistleblowing); (§ 6.10.3 ¶ 1 f), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • functional requirements of the organizational governance framework. (§ 5 ¶ 5 Bullet 7, ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • the organizational purpose is core to its governance practices, deliberations and decision-making; (§ 6.1.3.2 ¶ 2 Bullet 3, ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • Having defined the organizational values, the governing body should ensure that these organizational values are being demonstrated and are an active part of decision-making. The governing body should use these organizational values to determine the manner in which the organizational purpose is to be… (§ 6.1.3.3 ¶ 2, ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • Ensure that diversity and inclusion are understood and incorporated into all organizational decision-making by including factors such as gender, age, ethnicity, sexual orientation, education, perspectives, nationality, disability and beliefs. (Table 2 Column 2 Row 5 Bullet 1, ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • decision-making behaviours are informed by risk assessment outcomes and are consistent with governance policies; (§ 6.9.3.4 ¶ 1 g), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • senior decision-makers and the opportunity to contribute early in the decision-making processes; (§ 5.3.2 ¶ 4 bullet 1, ISO 37301:2021 Compliance management systems — Requirements with guidance for use, First Edition, Edition 1)
  • aligning the compliance management system with the compliance objectives; (§ 5.3.2 ¶ 1 bullet 3, ISO 37301:2021 Compliance management systems — Requirements with guidance for use, First Edition, Edition 1)
  • senior decision-makers and the opportunity to contribute early in the decision-making processes; (§ 5.3.2 ¶ 6 bullet 1, ISO/DIS 37301, Compliance management systems — Requirements with guidance for use, DRAFT)
  • policies and plans required by this document; (§ 8.5.1.3 ¶ 1(c), ISO/IEC 20000-1:2018, Information technology — Service management — Part 1: Service management system requirements, Third Edition)
  • Alignment to objectives. Decisions should align to the organizational objectives while keeping within the allocated resources, defined risk and other controls imposed by the organization. (§ 6.3 ¶ 6 Bullet 1, ISO/IEC 38507:2022, Information technology — Governance of IT — Governance implications of the use of artificial intelligence by organizations)