
A successful compliance program protects organisations, regardless of size, and their people from the harms that flow from corporate misconduct. In a series of posts we set out our thoughts on eight of the bricks that pave the way to compliance success, starting with a robust compliance risk assessment.
Learn more about our compliance support services at https://lnkd.in/gHT_EYGA
The foundation of any effective compliance program is a thorough grasp of the organization’s risks. This is the result of a robust risk assessment informed by a clear understanding of the organization’s operating environment and the types of risk of misconduct that may occur. All organizations, regardless of size, face compliance risks and the assessment can be tailored to reflect the complexity and scale of the organization’s business.
Without the necessary investment of time and effort to achieve this depth of understanding, the compliance “house” will be built on sand and risks being blown away or severely damaged by the first unanticipated risk to hit the organization. Using a well-designed methodology and enlisting the active participation and contributions of those who know the operations best are key success factors here.
If this is to be a valuable foundational exercise rather than a potentially unmanageable laundry list, it is important that, as part of the process, judgements are made as to the likelihood that each such risk will materialize and the consequences for the organization’s operations. With this information, the organization can prioritize often scarce resources and mitigate the greatest risks first.
But risk is not static: as the organization's operations evolve, perhaps by entering a new area or developing new products or new ways of marketing products, so too do the risks the organization faces. A recent example we worked on together was a comprehensive review of a multinational corporation’s marketing compliance policies to ensure they adequately managed risk as the company expanded its digital marketing programs. This resulted in a suite of new risk management tools in the form of policies, processes and training.
If the organization’s compliance program is to be successful in anticipating and mitigating its risks, the risk assessment cannot be a one-time exercise or a snapshot. If it is, the organization is likely to be exposed to unforeseen and therefore unaddressed risks and face potentially damaging consequences, for example in the form of penalties, reputational harm and the loss of investor or stakeholder confidence and support. Ideally, these periodic risk reviews should be scheduled and completed annually to set the agenda for the prioritization of risks and the revision of mitigation tools, such as policies and related training, for the year ahead.