Saturday, June 9, 2012

Compliance & Risk Management, Sisters or Cousins

Managing compliance is a risk; it is a subset of operational risk.

From Wikipedia: Risk management is the identification, assessment, and prioritization of risk (effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

Compliance means conforming to a rule, such as a specification, policy, standard or law.

 - Compliance with statutes
 - Compliance with regulations
 - Compliance with contracts (customer, vendor, supplier (licenses))


Strategic Value & Operational Mechanism

 - Risk, at the Board level, requires a strategic and forward-looking perspective, dealing in uncertainty, if it is to add real value: challenging accepted wisdom, 'thinking the unthinkable' and asking the unpalatable question. Increasingly we need to take the view that strategic risk is a topic for the full board, not only to identify and address key risks but to understand and convert the best of them to opportunity (the creative side of risk management) for new initiatives and progress. The role of the board is not about 'risk management'; it is more about providing 'risk governance'.

 - Compliance: Compliance may also need to look at the outside world. Compliance is, or should be, more than just looking at internal directives. It is also about looking at how the world and society are developing. Compliance is very much a strategic issue, and companies that do not recognize this are blindfolding themselves to a great extent, now more than ever, as the world has become significantly ‘smaller’ due to modern social media and interdependent relationships. A good example is ‘durability’ and ‘green’. The board should take this into consideration regarding external social and political developments. Ensuring and overseeing compliance is an essential part of the board’s role, as a good reputation as a good corporate citizen is one of the biggest assets of a company and most definitely a value creator.

Operational Mechanism
 - Risk Management is the decision mechanism that should be integrated within all management decision trees, including those that impact 'Compliance'. Contract and compliance decisions aren’t made without weighing the positive risks against the negative risks.

 - Compliance risk at the operational level is a mostly unrewarded risk, something you have to do to keep the regulator off your back and ensure your business maintains its license to operate. Most of the time you are avoiding penalties and fines when it comes to being compliant. In this regard, compliance is a “must-have” to keep your business's lights on.

Businesses are focused on risk management and corporate governance as a means of setting guidelines. Both are critical business functions whose responsibility resides with the board and senior executive teams to the point of liability and individual risk.


Intertwined Relationship Between Compliance and Risk


As part of the effort to run a successful business, we have to manage risks to business operations with an eye on strategic planning. Requirements to ensure legal compliance are another component of the company’s risks.  The challenge is ensuring that the people authorized to make decisions on behalf of the company are able to view the organization and the risks to the organization holistically.

There needs to be a balanced and thoughtful approach to managing the risks that could interrupt or negatively impact business, which includes compliance risk. That said, the overarching risk management program should consider compliance risk as part of the enterprise view of risks. It should also use the risk management processes at its core, running through all activities, whether performed by the compliance function or by the businesses.

The debate here is: should compliance and risk be treated as sisters living under the same roof, or as separated cousins who visit each other once in a while?

The point of Convergence:

At some organizations, compliance functions say that they never talk to their cousins in Operational Risk; and very often compliance officers who come from a legal environment don't have a smattering of risk management, not to mention statistics or math. From the company's risk management point of view, such compliance is, if not useless, very limited: How do they cover the areas that cross over? How well do they cover the gaps? Can you really understand the risks in a solution if you don't understand it from end to end?

Managing compliance is a risk; it is a subset of operational risk. It is such a large area of risk that most companies have a group dedicated to it, which may create the impression that it is somehow a separate discipline, but it isn't. It's just one risk area that is large enough to justify dedicated staff.


The Counter-point:

Sadly we have seen too many companies pay the price for grouping Risk with Compliance, and limiting their thinking to the short term, internal perspective. Separation of the Risk and Compliance functions in most organizations should provide the necessary "four eyes" checks and balances to optimize risk mitigation within a firm. This does not mean, however, that there should not be close co-operation between the two areas. Unfortunately, at this point in larger organizations, power politics and point-scoring often get in the way of common sense and what is best for the organization!

Unification Point:

The organizational structure may be situational, but we need to have known risks as a part of the compliance process, and also to draw compliance parameters for risk management. Whether as sisters or cousins, risk and compliance should work really closely together in order to create value. Possibly more important, they should use the same (risk) methodologies and talk the same language.
           
Compliance and risk management professionals should be aware that compliance is not just about the letter of the law/regulation, but also very much about the spirit of the law/regulation. Unwritten rules, based on common decency, mutual respect and integrity, should play an equally important role, next to the ‘hard’ compliance.

13 comments:

With having so much content do you ever run into any problems of plagiarism or copyright infringement? My website has a lot of unique content I've either authored myself or outsourced but it seems a lot of it is popping it up all over the web without my authorization. Do you know any techniques to help protect against content from being stolen? I'd genuinely appreciate it.

http://endever.net/index.php?do=/profile-32189/info/

Informative blog!
A leading compliance management firm offers Compliance services focusing on Labour Law Compliance, Industrial Licenses, Consultation/Audit, Establishment, Factory & Mines, Contract Labour Compliance, Flexi Staff, Payroll & Payroll Processing Compliance.

A very informative blog. I have also gathered some information on compliance risks. Feel free to read - https://www.shieldfc.com/resources/blog/lessons-learned-from-the-1st-line-risk-control-professionals-deep-dive/

A very informative blog. Aparajitha provides compliance advice regarding the applicability of numerous labour and industrial laws. Auditing compliance risks, managing Compliance Risk Management, consulting on minimum wage, employee compensation, and liabilities for gratuities, ESI, EPF, and bonuses.

VCompliance Risk Audit Services are important for any business or industry that handles sensitive information, and this applies to financial institutions, healthcare organisations, manufacturers, technology companies, and retailers. Our experts at Aparajitha do a consultation on the applicability of various Labour & Industrial Laws.

Aparajitha’s Contract Labour and Vendor Compliance Services are designed for all stakeholders, i.e., the principal employer, the contract workforce, and the contractor. Some of the consequences of vendor non-compliance are fine/imprisonment and prosecution of the employer or board of directors.

The revised minimum wage for shops and establishments in Maharashtra is effective from 1st January 2023 and employers are advised to pay arrears based on the notification attached. The total per month column mentioned below includes Basic and VDA only, but the HRA component may be used for arriving at overall wages

Thanks for sharing such amazing information. Aparajitha's Contract Labour Compliance help organisations comply with various labour laws and regulations for hiring contract workers. Non-compliance with labour laws and regulations can result in legal penalties, reputational damage, and operational disruptions.

Every small business needs Establishment Compliance Services to comply with local and state regulations, whereas larger companies require such services to manage compliance across multiple business units. Aparajitha's Establishment Compliance Services offer end-to-end compliance support, from registration of an establishment/branch to tech assistance.

Your insights on how compliance and risk management can be viewed as sisters, rather than opposites, shed new light on these critical areas of business. Additionally, the mention of the beyond van gogh coupon code adds an unexpected yet fascinating dimension to the discussion.

Your blog post has challenged conventional thinking and highlighted the importance of creativity in this domain. With the addition of the chicks discount saddlery, we are reminded of the power of art and inspiration in expanding our perspectives and driving innovative solutions.
