Qualification details
Title
New Zealand Diploma in Organisational Risk and Compliance (Level 6)
Version
1
Qualification type
Diploma
Level
6
Credits
120
NZSCED
080317
Quality Management
DAS classification
Business > Business Operations and Development >
Organisational Direction and Strategy
Qualification developer
The Skills Organisation
Next review
December 2018
Approval date
March 2015
Strategic purpose statement
The purpose of this qualification is to provide experienced
practitioners in the risk and compliance area with a transferable
set of skills and knowledge to lead the development and
implementation of effective organisation-wide risk and
compliance management systems. Variants of these systems are
required across a broad range of organisations.
This qualification builds and improves business practices through
proactive management of risk, compliance with relevant laws and
codes, and through ethical practices and governance to meet
community expectations.
Graduates will be capable of leading the development and
management of risk and compliance frameworks within dynamic
context.
Graduate profile
Graduates will be able to:
1
2
3
Outcome Statement
4
Qualification Reference 2610
© New Zealand Qualifications Authority 2014
5
6
7
Develop the risk and compliance framework(s) to encourage
proactive management of risk and compliance within the
context of the business strategy.
Identify and assess the obligations, risks, laws, regulations,
codes, and standards applying to an organisation and take a
risk based approach to prioritise organisational responses to
ensure compliance within a specific business context.
Design and implement proactive risk and compliance
systems and frameworks to support the achievement of
business objectives.
Identify, analyse, and monitor risks in line with the risk and
compliance framework and recommend cost effective
mitigation strategies.
Report on the risk and compliance programme to internal
and external stakeholders.
Manage engagement with internal and external
stakeholders, including regulators, auditors, managers, and
board.
Assess the adequacy and effectiveness of the risk mitigation
Page 1 of 8
8
9
strategies, policies, procedures, and controls.
Promote the value of appropriately managing both voluntary
and mandatory obligations
Identify competency gaps and training needs and develop
relevant training and support resources.
Education pathway
This qualification may lead on from New Zealand Certificate in
Organisational Risk and Compliance (Level 4).
Candidates entering this qualification should have experience as
a risk or compliance practitioner before doing so.
All graduates may progress on to higher level tertiary
qualifications in management and leadership.
Employment pathway
Graduates of this qualification, supported by relevant
professional credentials, may be qualified to work as a leading
practitioner in the risk and compliance field.
Examples of roles include: head of compliance, head of risk and
compliance, chief compliance officer, compliance consultant.
Qualification specifications
Qualification award
The candidate shall be awarded the qualification by the
accredited Tertiary Education Organisation (TEO) approved
to deliver the programme leading to the qualification, ITO’s
that arrange training leading to the qualification and
education providers accredited to deliver programmes
leading to the qualification
The formal document certifying the award of this qualification
includes the full qualification title, the NZQF reference
number, and the date of issue and/or award.
The formal document certifying the award of this qualification
will display the NZQF logo and may also include the name
and/or logo of the awarding education organisation and/or
qualification developer.
Until NZQA’s records systems reflect the award of all New
Zealand qualification, as the qualification developer The
Skills Organisation will maintain a list of graduates of this
qualification. The TEO will annually report the names of all
graduates awarded the qualification to The Skills
Organisation and this information will be passed to NZQA in
the future.
Arrangements for managing
consistency
All Tertiary Education Organisations (TEOs) offering this
qualification (either arranging training or delivering
programmes) must participate in the Consistency Review.
TEOs are to seek feedback from the risk and compliance
sector regarding their graduates meeting the qualification
graduate profile outcomes. Evidence may come from:
Regular monitoring of trainee progression within either the
TEO or the workplace including liaising with employers,
teaching staff, training supervisors, and industry managers
Qualification Reference 2610
© New Zealand Qualifications Authority 2014
Page 2 of 8
about the value of the training, graduates, and qualification
to the business.
Feedback from relevant industry or practitioner organisations
such as Risk NZ; Governance, Risk, and Compliance
Institute; Institute of Internal Auditors, to ensure their
members involved in the risk and compliance sector are
satisfied with the qualification graduates.
Regular cross-industry meetings (Industry Advisory Groups)
where the changing training needs of the industry can be
discussed in light of technology changes, workplace
practices, and graduate capabilities.
Independent surveys of graduates and employers to
determine if the graduates are appropriate for the workplace.
Providing an alignment matrix of programme outcomes or
unit standards against the qualification outcomes.
The evidence should be collated in to a high level report
using the consistency template that answers the key
evaluation question and is presented at the consistency
event to show how the graduates meet the graduate profile.
Guidelines for managing consistency are available and
should be referred to on the NZQA website.
Credit transfer and recognition of
prior learning arrangements
TEOs delivering programmes that lead to award of this
qualification may transfer credit and recognise prior learning
in accordance with their own credit recognition policies and
procedures.
These policies and procedures, and information about
associated fees, must be available to the applicant prior to
enrolment.
To facilitate credit transfer, education organisations must
clearly demonstrate the equivalency or comparability
between each of the outcomes in the graduate profile, and
the assessment components of their programmes.
Credit transfer will be automatic where standards on the
Directory of Assessment Standards are used within
programmes of study or training leading to this qualification.
Minimum standard of achievement
and standards for grade
endorsements
The minimum standard of achievement required for the
award of the qualification will be:
Entry requirements (including
prerequisites to meet regulatory body
or legislative requirements)
Graduates entering this qualification should have
competencies and understandings at or above the New
Zealand Certificate in Organisational Risk and Compliance
(Level 4) [Ref: 2609].
achievement of all graduate outcomes in the
graduate profile through successful completion of an
approved programme.
Qualification conditions
Overarching conditions relating to the qualification
Qualification Reference 2610
© New Zealand Qualifications Authority 2014
Page 3 of 8
Conditions for programme
structure
None
Conditions for programme
context
None
Other conditions
Tertiary Education Organisations (TEOs) offering programmes leading
to this qualification must maintain currency with amendments to, and
replacements of, relevant legislation, regulations, government
departments, and Australian/New Zealand/International Standards.
In order that programmes have a global perspective, it is expected
that they align with and promote the principles contained in:
ISO 19600:2014 Compliance Management Systems – Guidelines
ISO 31000:2009 Risk Management – Principles and guidelines
Definitions
Risk and compliance management systems support an organisation’s
ability to demonstrate its commitment to the identification and
management of risk and compliance with relevant laws and codes, as
well as governance, ethical and community expectations.
Risk – effect of uncertainty on organisational objectives.
Events and issues – include but are not limited to the probability and
impact of risks, breaches, and near misses.
Specific conditions relating to the Graduate profile
Qualification outcomes
Conditions
Mandatory
1
Mandatory
Develop the risk and
compliance framework(s) to
encourage proactive
management of risk and
compliance within the context
of the business strategy.
15 Credits
Programme and assessment will include:
Understanding of the interaction
between the risk and compliance
framework and the overarching
corporate governance environment.
Consideration and understanding of key
internal and external impacts on the
business strategy.
Appreciation and awareness of key
factors affecting both the commerciality
and the performance of the organisation.
Techniques to positively influence the
culture of an organisation in line with its
tolerance for risk and strategic
objectives.
Aligning business strategy and an
organisation’s tolerance for risk.
2
Identify and assess the
obligations, risks, laws,
regulations, codes, and
standards applying to an
Qualification Reference 2610
© New Zealand Qualifications Authority 2014
Programme and assessment will include:
Mandatory
Understanding of the process to identify
relevant legislative, regulatory, and
codes of practice for that industry and
Page 4 of 8
organisation and take a risk
based approach to prioritise
organisational responses to
ensure compliance within a
specific business context.
10 Credits
business.
Identifying, recording, and where
relevant applying voluntary and
mandatory obligations, standards, and
Codes of Practice.
Assessing impacts and consequences of
failing to apply voluntary and mandatory
obligations, standards and Codes of
Practice.
Maintaining currency with changes in
obligations and how these impact the
risk and compliance framework.
Applying a risk based approach to
ensuring identified potential impacts
(cost/time/quality) are afforded
appropriate priority when developing risk
mitigation and control actions.
3
Design and implement
proactive risk and compliance
systems and frameworks to
support the achievement of
business objectives.
15 Credits
Programme and assessment will include:
Mandatory
Determining the scope of risk and
compliance management frameworks
and systems.
Components include: laws, regulations
standards, international/regional
obligations.
Understanding an organisation’s
strategic objectives and values,
organisation structure and governance
framework, taking into account factors
such as:
–
Nature, size and complexity of
the business, level of risk associated
with non-compliance, risk assessment
methodology, nature of customers, level
of regulatory oversight, level of risk and
compliance maturity within the industry
and organisation.
Principles and options for design of
organisational risk and compliance
programmes.
Options for implementation of
organisational risk and compliance
programmes.
4
Identify, analyse, and monitor
risks in line with the risk and
compliance framework and
recommend cost effective
mitigation strategies.
15 Credits
Qualification Reference 2610
© New Zealand Qualifications Authority 2014
Programme and assessment will include:
Mandatory
Designing and initiating investigations
and mitigation actions as required and
report to internal and external
stakeholders.
Developing and implementing
Page 5 of 8
appropriate monitoring and reporting
systems.
Principles for identification of appropriate
risk and compliance action owners.
Identifying key stakeholders.
Principles and options for the capture
and evaluation of pertinent information
relevant to risk and compliance.
Principles and options for recording
systems to record events, corrective
actions, and track remediation, having
regard to any specific regulatory
requirements.
5
Report on the risk and
compliance programme to
internal and external
stakeholders.
10 Credits
Programme and assessment will include:
Mandatory
Preparation of professional and fit for
purpose reports on risk and compliance
to meet specific stakeholder or wider
organisational requirements.
Ability to competently communicate
issues, risk avoidance, mitigation, and
remediation strategies to relevant
stakeholders.
6
Manage engagement with
internal and external
stakeholders, including
regulators, auditors, managers,
and board.
10 Credits
Programme and assessment will include:
Mandatory
Relationship management of key
stakeholders including, but not limited to;
–
regulators, auditors, risk and
compliance committees, management,
and board.
–
Including plans, scope of work,
cost of work, budget, resources,
reporting.
Communicating the value or role of the
framework to others such as staff,
customers, suppliers, distributors,
outsource partners, and contractors.
7
Assess the adequacy and
effectiveness of the risk
mitigation strategies, policies,
procedures, and controls.
15 Credits
Programme and assessment will include:
Mandatory
Evaluation of policies, procedures and
controls in the context of an
organisation. Criteria may include fit for
purpose, achieving objectives, operating
effectively minimising loss.
Identification, reporting, and remediation
of complaints, incidents, breaches, and
near misses.
Creating appropriate responses to
events and issues, including
Qualification Reference 2610
© New Zealand Qualifications Authority 2014
Page 6 of 8
development and evaluation of response
plans
Assessment of risk mitigation and
corrective actions taken considering the
adequacy and effectiveness of the
control environment within the
organisation and utilising independent
internal and external advice.
Understanding the role of continual
improvement in a risk and compliance
management system
Awareness of behavioural issues in
effective organisational change.
Evaluation and review of the
performance of policies and procedures
over time and how any new policies and
processes are embedded.
8
Programme and assessment will include:
Promote the value of
appropriately managing both
voluntary and mandatory
obligations
Advocating for the fulfilment of
organisational ethical, social, and
corporate responsibilities with reference
to the organisation’s agreed position:
20 Credits
Understanding the consequences of
organisational choices in the context of
ethical, social, and corporate
responsibilities and the management of
risk.
Mandatory
Ability to explain the value proposition for
the pursuance of ethical, social, and
corporate responsibilities
Awareness of the environmental, social,
and ethical context to the risk and
compliance framework.
Communicating and promoting the value
of the risk and compliance framework to
relevant stakeholders:
Educating and influencing staff, board
and senior management regarding the
organisation’s risk and compliance
frameworks, systems, culture and
tolerance for risk.
Strategies and techniques for motivating
behavioural change, including
development and implementation of
accountability mechanisms.
Promoting the use of the risk and
compliance systems and providing
guidance on the cost/benefit of doing so.
Qualification Reference 2610
© New Zealand Qualifications Authority 2014
Page 7 of 8
Competently providing risk based advice
and guidance to the business.
9
Identify competency gaps and
training needs and develop
relevant training and support
resources.
10 Credits
Programme and assessment will include:
Mandatory
Identifying training needs, arranging
delivery of suitable training, and
monitoring effectiveness.
Develop training resources and library,
and promoting their use.
Techniques, including a variety of
appropriate media, for designing and
developing employee awareness of
compliance obligations and directing
them to meet training and competence
requirements.
Training the immediate stakeholders of
the organisation for implementation of
the risk and compliance framework and
systems.
Qualification Reference 2610
© New Zealand Qualifications Authority 2014
Page 8 of 8