The Working Group (WG) on compliance management systems and ISO standards is co-chaired by Daniel L. Bühr and Dominique Casutt. It started its activities in 2015 and counts ca. 20 members.

The WG aims at discussing the establishment, implementation, maintenance and continual improvement of best practice compliance management systems. It focuses on the recent ISO Standard 19600 – Compliance Management Systems.

The WG also follows related matters such as independent auditing and certification of compliance management systems.

Regular lunch meetings, presentations and conference calls shall promote the exchange of know-how and the discussion of important developments and further networking among all those who share an interest in best practice compliance management based on transparent and auditable compliance management system standards.

Registration WG CMS/ISO

Participation in the ECS Working Group is open to all ECS Members. If you are interested in joining the WG please register.


Next meeting of the WG on Thursday, 24 August 2017

The introduction of standards-based compliance management systems (CMS) is rapidly growing in importance. Recently, Alstom Group certified under the anti-bribery management system Standard ISO 37001 and Microsoft and Wal Mart announced that they are seeking ISO 37001 certification. It is likely that other multinationals will follow and require their suppliers to be certified as well.

Against this background, we invite you to the next WG event on Thursday, 24 August 2017, 5:00pm, at LALIVE, Stampfenbachplatz 4, Zurich. We will hold a round table event where we will first share some general experience as accredited compliance manangement system auditors. Then, Matthias Kiener, Partner, Advisory Forensic with KPMG, Zurich, will introduce us to CMS audits under IDW Audit Standard 980 and other standards and provide an update on Swiss developments. The presentation will be followed by a discussion (under Chatham House rules) on independent CMS audits and certification.

All those interested in independent CMS audits and certification and the key trends at a global and Swiss level are very welcome to join this event. Please register by sending an email to The discussion will be followed by a “best practice” apéro at 6:00pm.

We look forward to meeting you on 24 August in Zurich.

Dominique Casutt and Daniel Bühr, Co-Chairs ECS Working Group CMS/ISO Standards


WG Compliance Management Systems/ISO – Event of 28 June 2016 on best practice risk management

With the catchy title “Is compliance a risk? How risk management can help you make risk-based compliance decisions” Stéphane Martin, founder and CEO of Smart Risk Consulting, held a presentation at the event of the ECS Working Group CMS/ISO on 28 June 2016.

Risk assessment and management is one of the key elements of any compliance management system and therefore subject to ISO 19600 on Compliance Management Systems. The section on risk management in ISO 19600 is, however, quite short. Therefore, it may prove very helpful to consider the specific ISO standard on Risk Management for further reference.

Stéphane provided in his well-structured and focused presentation not only a good overview of the key principles of the ISO 31000 standard on Risk Management but also shared his practical experience in risk management in a very hands-on and interactive manner. He elaborated on what may be considered a compliance-risk and in particular stressed the need to differentiate between its constituent elements cause, source, event and consequence – in order for risk management to be effective it is crucial to have a control in place for each cause.

The presentation was followed by a lively discussion on this hot topic and rounded off with some cold drinks.

ECS WG CMS/ISO discussed the ISO 19600 Principles of Good Governance

On 30 June the Working Group CMS/ISO met for the second time in Zürich and discussed the principles of good governance as set out in ISO 19600, in particular direct access to the governing body, independence of the compliance function, appropriate authority and adequate resources. After an introductory presentation the participants had a lively discussion on the subject matter followed by specific questions raised by Working Group members regarding ISO 19600.

It was agreed that the next meeting will take place in September. The first part of the meeting will be used to discuss the purpose of the Working Group and its envisaged output going forward; for the second part it is planned to invite a Chief Compliance Officer from an organisation which has already been certified according to ISO 19600 to share first-hand insights regarding the certification process. Date and agenda of the meeting will be announced in due time.


WG CMS/ISO 19600 plans second meeting on 30 June in Zurich

The Working Group CMS/ISO has scheduled its second in-person meeting for 30 June 17.00 to 19.00h in Zurich. The meeting agenda will be made available in due time. Suggestions from Working Group members or other interested parties are highly welcome.

Building on the first in-person meeting on 16 March which served the purpose of bringing interested members “up to speed” with regard to the new ISO 19600 standard on compliance management systems, the second meeting now aims at addressing specific areas of interest and possible queries.

Other ECS members or external individuals who are interested in attending the event are kindly requested to sign up for the Working Group (and a membership with ECS, if not yet a member). The Working Group has by now increased to more than 15 members.

First face to face meeting in Zurich on 16 March 2015

Basel, 24 March 2015. At the meeting of 16 March 2015 in Zurich, the ISO Standard 19600 and the certification concept of Austrian Standards were presented to the members of the WG (12 participants attending, 3 excused). The participants discussed the Standard and independent audits of Organizations with regard to their Compliance Management Systems. The participants agreed that ISO 19600 may become a benchmark because it is the first global standard on compliance management systems. Questions focused on the best approach to implement a compliance management system, in particular on how to secure Board and Top Management attention, buy-in and support. Also, the concept and benefits of certification were discussed.

The Working Group decided that it wants to act as the ECS point of contact for Compliance Management Systems and that it intends to meet bi-annually in person to further discuss CMS and ISO topics of common interest. A next meeting will be scheduled for the second half of June.