Upon successful completion of this program, participants will be able to:

• Articulate the purpose and core requirements of the ISO 37301:2021 standard.
• Apply the Plan-Do-Check-Act (PDCA) cycle to the full life of a CMS.
• Establish the scope and context of an organization's CMS, integrating compliance obligations.
• Plan, conduct, and report on CMS audits in accordance with ISO 19011 (Auditing Management Systems).
• Evaluate the effectiveness of internal controls and management commitment to compliance culture.
• Assess the competence of compliance personnel and the adequacy of training programs.
• Identify nonconformities and ensure effective corrective action and continuous improvement.
• Advise management on strategies for achieving and maintaining ISO 37301 certification.

• Compliance Officers and Managers
• Internal and External Auditors
• Quality and Integrated Management Systems Professionals
• Risk Management and Governance Specialists
• In-house Legal Counsel
• Consultants specializing in ISO certification
• Senior Managers overseeing the compliance function

• **Scenarios:** Planning a Stage 2 certification audit for a multi-national organization's CMS, including defining the audit scope and necessary resources.
• **Case Studies:** Analyzing a real-world compliance failure and tracing the root cause back to a failure in the Leadership/Commitment clause of ISO 37301.
• **Group Activities:** Collaborative role-play of an audit closing meeting, presenting major nonconformities to top management and negotiating corrective action timelines.
• **Individual Exercises:** Drafting an audit checklist for the "Control" clause of the ISO 37301 standard.
• **Mini-Case Studies:** Quick evaluation of a company's compliance policy statement to determine if it meets the requirements of the standard.
• **Syndicate Discussions:** Debating the importance of independence for the compliance function and its relationship with the legal department.
• **Audit Report:** Preparing a summary audit report on the nonconformities found during a simulated internal audit.

Unit 1: CMS Fundamentals and ISO 37301 Context

• The foundation of a CMS: good governance, proportionality, and transparency.
• Detailed review of the ISO 37301 standard clauses and their relationship to ISO High-Level Structure (HLS).
• Understanding the PDCA cycle as applied to the CMS.
• Identifying and documenting all compliance obligations (legal, regulatory, voluntary).
• Establishing the internal and external context and scope of the CMS.

Unit 2: Leadership, Planning, and Support

• The role of top management and the governing body in compliance oversight.
• Establishing the organization's compliance policy and clear objectives.
• Resource planning, competence assessment, and awareness training requirements.
• Developing the risk-based approach to compliance risk assessment.
• The importance of independence, authority, and effective compliance function.

Unit 3: Operation and Performance Evaluation

• Designing and implementing operational controls and processes to meet obligations.
• Implementing effective financial controls to prevent bribery and corruption.
• Methods for monitoring and measuring CMS performance and compliance adherence.
• The purpose and process of whistleblowing, investigation, and reporting mechanisms.
• Principles of auditing management systems (ISO 19011) and auditor competence.

Unit 4: The CMS Audit Process

• Developing the audit program and creating the specific audit plan.
• Conducting on-site audit activities: interviews, observation, and document review.
• Techniques for gathering objective evidence and verifying compliance effectiveness.
• Identifying, classifying, and documenting nonconformities (major and minor).
• Managing the audit team and ensuring objective auditor performance.

Unit 5: Improvement and Certification

• Formulating the audit report and communicating findings to management.
• Ensuring effective corrective action and addressing the root cause of nonconformities.
• The purpose and scope of the CMS Management Review.
• Driving continuous improvement of the CMS and compliance performance.
• Understanding the process for external certification to ISO 37301.