Compliance Risk Management
Presentation Transcript
There has been, for many years, an ongoing debate as to the relationship between Compliance Management and Risk Management. Some have believed they are separate disciplines, others that risk management is a subset of compliance and yet others, that compliance is a subset of risk management.
The new ISO 19600 standard (December 2014) provides a reminder of how compliance and risk should operate together, as “colleagues” sharing a common framework with some nuances to account for their differences. The 19600 standard on “Compliance Management Systems” largely reflects the existing AS 3806-2006 standard, which it will replace.

  • It is clear that the standard is closely aligned with the ISO 31000 risk management standard. This is most prominent when comparing the seven processes in each standard.
In addition, Compliance Risk is defined as “the effect of uncertainty on compliance objectives” while the ISO 31000 standard defines Risk as “the effect of uncertainty on objectives”.

The 19600 standard, amongst many other things, “recommends” that organisations: “adopt a risk-based approach to compliance” and “develop a risk appetite for compliance risks”.

The standard fully supports integration of compliance risk management with enterprise risk management as far as possible. This is good news for business, as greater value can be extracted from risk and compliance cultures that feed off, and support, each other. It means that compliance risk management becomes part of enterprise risk management using, by and large, the same processes. The key overlaps are:

1. Compliance Risks are generally the same as operational risks. The only difference is that “compliance risks” lead to an actual or potential compliance breach (impact). Many of the risk events that cause compliance breaches will also lead to other “operational” impacts such as financial loss, reputation damage etc.

2. The processes of operational risk management can be equally used for compliance risk management including:

- Incident Management. Compliance breaches should be considered as “risk incidents” and be subject to the same, if not tailored, approach to management.

- Controls Assurance. The key controls over key compliance risks should be subject to ongoing control testing and validation, as for all other key controls.

- Issues and Actions. Issues identified in the above processes should be recorded and remediated as for any other risk issue identified.

- Risk and Control Self Assessment. Compliance risks should be considered in the overall risk assessment.

- Stress Testing. Stress scenarios leading to severe compliance breaches should be considered as part of the overall stress testing program.

- Key Risk Indicators. Early warning indicators should be put in place around the key risks that could cause major compliance breaches.

This means that compliance risk management should form an integral part of the overall enterprise risk management (ERM) framework and risk professionals should consider compliance risk as part of their overall portfolio of risks.

Because this is compliance, there are some nuances that have to be separately considered. These include:

  • Compliance obligations must be identified, recorded and linked to the source legislation, standard or guidance. This requires an obligations register to be maintained.
  • Taking a risk-based approach to compliance, applying all of the standard ERM processes outlined above may only be considered appropriate for the key compliance risks. For other compliance risks, where a degree of comfort is still required, this may come in the form of other techniques including attestations, process reviews, checklists, mystery shoppers etc. The combination of all techniques should provide reasonable assurance that the compliance objectives are being met.

Article Source: Protecht

Image Source: Bryan Whitefield