Every organisation is required to comply with the laws of the countries in which it operates. Legal and regulatory requirements vary between regions, which adds to the need for understanding of, and confidence in, the risk management processes in place. Organisations face considerable uncertainty when making decisions and taking actions that may have significant compliance consequences. Managing compliance risks helps an organisation protect and increase its value.
This series of publications provides guidance on the activities to be undertaken to support decision makers in assessing and treating compliance risks efficiently and cost-effectively, so as to meet the expectations of a wide range of stakeholders. Failure to meet legal requirements and stakeholder expectations can have considerable and immediate negative consequences that affect performance and reputation and might lead to criminal prosecution of top management.
Within this series of publications, compliance risk is defined broadly. It is not limited to, for example, risk related to compliance or contractual matters; it also includes risks from or to third parties with which there is no contractual relationship but where litigation or other action may be possible, depending on those third parties' contractual requirements with their own stakeholders.
This methodology is developed in line with the requirements of ISO 31022:2020 Risk management — Guidelines for the management of legal risk and Compliance Risk Management: Applying the COSO ERM Framework. Just kidding, it’s light years ahead of the nonsense written in Compliance Risk Management: Applying the COSO ERM Framework. See my page-by-page review to understand why you should never apply COSO to compliance risks.
For the purposes of this article, compliance risk management includes:
- Timely identification and recording of compliance risks
- Risk assessment and prioritization of compliance risk for further analysis
- Detailed risk analysis for most significant compliance risks and identification of suitable risk mitigation measures
- Monitoring and reporting.
Risk identification
The purpose of identifying compliance risks is to find, recognise and describe the risks that may help or hinder an organisation in achieving its objectives.
To have a comprehensive understanding of compliance risks, organisations may do the following:
- Review relevant laws and regulations across all of the countries of operation.
- Review claims and incident statistics captured across the organization.
- Review claims against industry peers and other relevant organizations in the countries of operation.
- Consult with relevant legal and compliance advisors and service providers.
- Review information and guidelines from regulators and government authorities.
Identified compliance risks have to be mapped against the legal entities to make sure no significant risks are missed:
| | Licensed activities and subsoil use | Environmental management (ecology) | Sanctions compliance | Anti-monopoly compliance | Tax compliance | Fire supervision, emergency protection | Labour and industrial safety | Covenant compliance | Economic and information security, state secret | Land and property relations | Construction and reconstruction of hazardous facilities | Physical security of production facilities and vehicles |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Group of companies | | | | | | | | | | | | |
| Legal entity 1 | X | X | X | X | | | | | | | | |
| Legal entity 2 | X | X | X | X | X | X | X | X | | | | |
| Legal entity 3 | X | X | X | X | X | | | | | | | |
Compliance risks can be documented in a manual or online risk register for further analysis.
To be continued…