Tom Fox
Founder of The Compliance Podcast Network

Implementing frameworks for effective risk management and compliance

December 11, 2023

As part of a special podcast series, I recently sat down with several folks from Diligent to look down the road at key compliance issues we’ll face in 2024. The series, titled “Compliance professionals adapting to change: Industries, regulations, and beyond,” is sponsored by Diligent and features conversations with experts Nicholas Latham, Renee Murphy, Jessica Czeczuga, Yee Chow, and Alexander Cotoia.

We explored topics such as compliance communications in regulated industries, managing conflicts of interest at the board level, navigating the current ESG landscape, professional growth and mentorship in compliance, and much more.

Here, we’ll explore key takeaways from my first conversation with Latham, Client Partner at Diligent, where we discussed accounting and risk management frameworks.

Importance of risk assessment frameworks

One of the most significant takeaways from our discussion was the importance of risk assessment frameworks in identifying and mitigating risks within organizations. Latham highlighted the COSO Framework for Internal Controls and ISO 31000 as two widely used frameworks that provide a comprehensive approach to risk management. These frameworks help organizations establish effective communication processes and gain a holistic view of risk across different departments.

The COSO Framework for Internal Controls emphasizes the need to assess an organization's control environment, determine risk appetite, and identify crucial risks for the business's success. Information and communication processes, including training and monitoring activities, are then built around these assessments to ensure effective risk management. We also discussed the relevance of the "Single Pane of Glass" concept, which aims to provide a unified view of an organization's operations and risk management, flattening hierarchical structures and promoting transparency.

Throughout our discussion, we also highlighted the challenges associated with compliance communication issues, particularly in e-communications. Latham emphasized the importance of setting the tone at the top, with executive leadership emphasizing the criticality of compliance and its impact on the organization and its customers. Training plays a crucial role in ensuring compliance, but Latham noted that the amount and frequency of training in today's environment may not be sufficient. He stressed the need for organizations to step up their training efforts and be prepared for increasingly stringent regulatory scrutiny.

Furthermore, monitoring e-communications poses a significant challenge due to the sheer volume of interactions. Latham suggested leveraging artificial intelligence (AI) to analyze a larger sample of communications and identify potential risks. This approach could help organizations identify improper processes, training gaps, or script issues that may contribute to compliance breaches.

Building compliance expertise

As compliance professionals, it is imperative that we have a strong understanding of risk assessment frameworks, such as the COSO Framework for Internal Controls and ISO 31000, which highlight the importance of comprehensive risk management practices. The "Single Pane of Glass" concept and the challenges associated with compliance communication issues provide valuable guidance for organizations navigating the complex landscape of risk and compliance.

As regulatory scrutiny continues to increase, our expertise as compliance professionals will continue to serve as a valuable resource for organizations seeking to enhance their risk management practices and ensure compliance in an ever-evolving technological landscape.

Are you ready for purpose-driven compliance? Request a demo to learn how Diligent equips leaders with the tools to build, monitor and maintain an open and transparent ethics and compliance culture.

Be sure to check out our next blog in this series, where we discuss the risks and consequences of board-level conflicts.


© 2024 Diligent Corporation. All rights reserved.