Companies are taking a closer look at how to effectively manage and mitigate compliance risks, especially at a time when many compliance programs are under the microscope from regulators while also dealing with the effects of a global pandemic.
The Committee of Sponsoring Organizations (COSO) has released a new publication, “Compliance Risk Management: Applying the COSO ERM Framework,” which describes the application of the COSO Enterprise Risk Management framework to the management of compliance risks.
For many years, compliance professionals have used a widely accepted framework for compliance and ethics programs, based on the U.S. Federal Sentencing Guidelines as well as global legislation, to prevent and timely detect noncompliance and other acts of wrongdoing. Risk management professionals have used the COSO ERM Framework to identify and mitigate enterprise risks, including compliance risks.
The publication, authored by the Society of Corporate Compliance and Ethics & Health Care Compliance Association, describes the characteristics of effective compliance programs associated with each of the five components and twenty underlying principles of COSO ERM framework. A significant aspect of ERM is its focus on creating, preserving, and realizing value. Effective C&E programs contribute to each of these objectives.
“Compliance risks are common and frequently material risks to achieving an organization’s objectives,” said Paul Sobel, COSO Chairman. “This publication aims to provide guidance on the application of the COSO ERM framework to the identification, assessment, and management of compliance risks by aligning it with the C&E program framework, creating a powerful tool that integrates the concepts underlying each of these valuable frameworks.”
The report points out that a governing board of directors and all employees have compliance-related responsibilities, and compliance risk often extends to activities carried out through third parties. The compliance function leads the development of the C&E program and works closely with business units in its execution. But the program must receive the support of senior management and the board of directors in order to be successful.
“As compliance and ethics programs continue to evolve and gain wider adoption globally, it makes increasing sense to understand and appreciate the synergies that can be achieved by applying the ERM framework,” said Gerry Zack, the CEO of SCCE & HCCA. “The goal of this publication is to facilitate this synergy by creating a roadmap between required and emerging practices for C&E programs and the COSO ERM framework.” 