New Guidance from COSO on Compliance Risk. Is it of value?
One of my good friends asked me to review the latest from COSO, Compliance Risk Management: Applying the COSO Framework, which was published this month.
My friend said it was one of the worst pieces of guidance released by COSO, but I tend to disagree. It has value but is incomplete.
I like these comments:
- Compliance risks are common and frequently material risks to achieving an organization’s objectives.
ndm: It is refreshing to see the reference to achieving objectives.
- Compliance risks are those risks relating to possible violations of applicable laws, regulations, contractual terms, standards, or internal policies where such violation could result in direct or indirect financial liability, civil or criminal penalties, regulatory sanctions, or other negative effects for the organization or its personnel.
ndm: The publication includes not only violation of laws and regulations but also of corporate values, what OCEG refers to as mandatory and voluntary boundaries.
- Although the underlying acts (or failures to act) are carried out by individuals, compliance violations are generally attributable to the organization when they are carried out by employees or…