Compliance Risk Management – Risk identification

Every organisation is required to comply with the laws of the countries it operates in. Because legal and regulatory requirements vary between regions, organisations need to understand and have confidence in the risk management processes they have in place. Organisations face considerable uncertainty when making decisions and taking actions that may have significant compliance consequences. Managing compliance risks helps organisations protect and increase their value.

This series of publications provides guidance on the activities needed to support decision makers in assessing and treating compliance risks efficiently and cost-effectively, so as to meet the expectations of a wide range of stakeholders. Failure to meet legal requirements and stakeholder expectations can have considerable and immediate negative consequences: it can affect performance and reputation, and it might lead to criminal prosecution of top management.

Compliance risk within this series of publications is broadly defined. It is not limited to risk arising directly from compliance or contractual matters; it also includes risks from or to third parties where there may be no contractual relationship, but where litigation or other action is possible depending on those third parties’ contractual requirements with their own stakeholders.

This methodology is developed in line with the requirements of ISO 31022:2020 Risk management — Guidelines for the management of legal risk and Compliance Risk Management: Applying the COSO ERM Framework. Just kidding, it’s light years ahead of the nonsense written in the Compliance Risk Management: Applying the COSO ERM Framework. See my page by page review to understand why you should never apply COSO to compliance risks. 

For the purposes of this article, compliance risk management includes:

  • Timely identification and recording of compliance risks
  • Risk assessment and prioritization of compliance risk for further analysis
  • Detailed risk analysis for most significant compliance risks and identification of suitable risk mitigation measures
  • Monitoring and reporting.


Risk identification

The purpose of identifying compliance risks is to find, recognise and describe the risks that can help or prevent an organisation achieving its objectives.

To have a comprehensive understanding of compliance risks, organisations may do the following:

  • Review relevant laws and regulations across all of the countries of operation.
  • Review claims and incident statistics captured across the organization.
  • Review claims against industry peers and other relevant organizations in the countries of operation.
  • Consult with relevant legal and compliance advisors and service providers.
  • Review information and guidelines from regulators and government authorities.

Identified compliance risks have to be mapped against the legal entities to make sure no significant risks are missed:

Compliance risk areas used as the columns of the mapping table:

  • Licensed activities and subsoil use
  • Environmental management (ecology)
  • Sanctions compliance
  • Anti-monopoly compliance
  • Tax compliance
  • Fire supervision, emergency protection
  • Labor and industrial safety
  • Covenant compliance
  • Economic and information security, state secret
  • Land and property relations
  • Construction and reconstruction of hazardous facilities
  • Physical security of production facilities and vehicles

Rows of the table: Group of companies, Legal entity 1, Legal entity 2, Legal entity 3. Each risk area that applies to a legal entity is marked with an X. [Table placeholder: the individual X marks of the mapping matrix are not reproduced here.]

Compliance risks can be documented in a manual or online risk register for further analysis.

To be continued…


2 thoughts on “Compliance Risk Management – Risk identification”

  1. You truly said risk related to compliance or contractual matters, including risks from or to third parties where there may be no contractual relationship but where there may be a possibility of litigation or other action depending on that third parties’ contractual requirements with their stakeholders.
