Managing the compliance of contractors

Start with a risk assessment.

A risk assessment is a means of identifying the risks that your business faces and assessing the likelihood of them occurring. It also involves determining the controls you currently have in place to manage those risks, as well as whether or not any additional controls are necessary.

When you are considering if your contractors are a compliance risk, look at their role, responsibility, applicable regulatory penalties and existing controls. We’ve looked at the need for more comprehensive risk assessments in previous posts. If you don’t have sufficient resources to conduct such an assessment, consider hiring a third party to do so.

The formality of the controls should depend on the risks.

There are no hard and fast rules. You should design controls to achieve your goal and they should be proportional to the risks. Similarly, they should be sufficient to mitigate the risks to an acceptable level, but no more than that.

For example, if you are procuring a supplier who has complete access to your production system and is therefore a high risk, you will need proportionately high controls in place. In this case, the controls would include stringent checks on their security standards, a detailed and robust contract that covers confidentiality provisions, and clear procedures for how they behave whilst working on your site.

Ensure compliance with law, regulations, and specific controls.

To ensure compliance with law, regulations, and specific controls:

  • Select the right contractors to be the most compliant.
  • Provide training on the law, regulations, and specific controls.
  • Ensure that contracts clearly state your expectations regarding compliance with law, regulations, and specific controls.
  • Monitor compliance with plans as work progresses.

Give clear instructions, expectations, and responsibilities.

Make sure that your contractors understand what is expected of them. They should know what is permissible and what is not, as well as who to contact if they have any questions or concerns. A contractor shouldn’t be forced to guess if something is unclear or off-limits.

Provide sufficient training and supervision.

You’re responsible for ensuring that contractors receive sufficient training and supervision. The level of training and supervision they need should be determined by the type of work they’re doing and their skill level.

Maintain oversight throughout the contract period.

This is more than just a matter of signing off on monthly invoices. It means regularly checking in with the contractor to ensure that things are running smoothly and that no problems are being ignored.

If contractors have genuine concerns about your requirements, don’t ignore them. If you do, you won’t gain any advantage from their expertise and skills; in fact, you may cause them problems and set yourself up for failure.

Periodically audit and evaluate contractor practices.

  • Periodically audit and evaluate your contractors’ practices. Contractor compliance can be ensured in a number of ways, such as internal audits, third-party audits, work product audits, and process and facility audits.
  • Frequently audit the contractor’s work product. This is the simplest way to ensure that the contractor is complying with your operating policies. Of course, this is not always possible or practical; in some cases you might have to rely on implicit deferred trust (which we’ll discuss below), but in many cases you can request a review of the contractor’s deliverables at regular intervals to make sure they’re meeting your specifications.
  • Hire a third-party auditor if possible. It’s better to leave auditing up to an independent expert rather than doing it yourself; you don’t want any potential bias against contractors affecting how they’re assessed.

Follow up with remediation when necessary.

It’s important to follow up quickly with any contractors who are non-compliant, and to take steps that protect against non-compliance in the future.

Know your contractors as well as you know your employees who work for you

You [should] know your contractors as well as you know your employees who work for you…

In many cases, contractors are an extension of your business. They can bring their own risks, vulnerabilities, and threat actors. Therefore, they can introduce new risks and vulnerabilities and new threat actors along with that. In addition to that, they can introduce new compliance obligations and requirements. So we have to be aware of all of this when we’re looking at our compliance process…

Compliance isn’t just about the technology; it’s about the people, it’s about the processes and procedures behind it (the ins-and-outs) that help make a successful compliance program…
