IIA-Australia White Paper - The ORC Model for Compliance Management

The ORC Model for Compliance Management

This is a members only resource. Please login to access. 


Nigel Dalton-Brown FGIA, GAICD, AMIIA, MBA



Topics Explored



White Paper


By applying the ORC model, Internal Audit will have a foundational structure similar to a financial chart of accounts; that is, a digestible breakdown of all of the organisation’s obligations broken down into subcategories. This foundation will provide the basis for further tools and standardised reporting.

Key Points

  1. An organisation’s obligations start at the top, with corporate governance and the risk appetite statement.
  2. Every single internal compliance document, irrespective of industry or subject matter, falls into one of six classes where each class describes an entity.
  3. Risk topics are discussed by different managers, but from slightly different perspectives.
  4. The ORC model provides organisations with a framework from which they can build a comprehensive obligations register.

Relevant Industries


Level of Assumed Knowledge