Implementing frameworks for effective risk management and compliance

Compliance expert Tom Fox recently sat down with folks from Diligent to look at key compliance issues we’ll face in 2024. The Diligent-sponsored series, titled “Compliance professionals adapting to change: Industries, regulations, and beyond,” features conversations with experts Nicholas Latham, Renee Murphy, Jessica Czeczuga, Yee Chow, and Alexander Cotoia.

He explored topics like compliance communications in regulated industries, managing conflicts of interest at the board level, navigating the current ESG landscape, professional growth and mentorship in compliance, and more.

Here, we’ll explore key takeaways from the first conversation with Latham, Client Partner at Diligent, where they discussed accounting and risk management frameworks.

Importance of risk assessment frameworks

One of the most significant takeaways from the discussion was the importance of risk assessment frameworks in identifying and mitigating risks within organizations. Latham highlighted the COSO Framework for Internal Controls and ISO 31000 as two widely used frameworks that provide a comprehensive approach to risk management. These frameworks help organizations establish effective communication processes and gain a holistic view of risk across different departments.

The COSO Framework for Internal Controls emphasizes the need to assess an organization’s control environment, determine risk appetite, and identify crucial risks for the business’s success. Information and communication processes, including training and monitoring activities, are then built around these assessments to ensure effective risk management. The relevance of the “Single Pane of Glass” concept was also discussed, which aims to provide a unified view of an organization’s operations and risk management, flattening hierarchical structures and promoting transparency.

Throughout the discussion, we also highlighted the challenges associated with compliance communication issues, particularly in e-communications. Latham emphasized the importance of setting the tone at the top, with executive leadership emphasizing the criticality of compliance and its impact on the organization and its customers. Training plays a crucial role in ensuring compliance, but Latham noted that the amount and frequency of training in today’s environment may not be sufficient. He emphasized that organizations must intensify training efforts and prepare for stricter regulatory scrutiny.

Furthermore, monitoring e-communications poses a significant challenge due to the sheer volume of interactions. Latham suggested leveraging artificial intelligence (AI) to analyze a larger sample of communications and identify potential risks. This approach could help organizations identify improper processes, training gaps, or script issues that may contribute to compliance breaches.

Building compliance expertise

As compliance professionals, it is imperative that we have a strong understanding of risk assessment frameworks such as the COSO Framework for Internal Controls and ISO 31000, because they underscore the importance of comprehensive risk management practices. The “Single Pane of Glass” concept and the challenges associated with compliance communication issues provide valuable guidance for organizations navigating the complex landscape of risk and compliance.

As regulatory scrutiny continues to increase, our expertise as compliance professionals will continue to serve as a valuable resource for organizations seeking to enhance their risk management practices and ensure compliance in an ever-evolving technological landscape.

Are you ready for purpose-driven compliance? Request a demo to learn how Diligent equips leaders with the tools to build, monitor and maintain an open and transparent ethics and compliance culture.

Be sure to check out our next blog in this series, where we discuss the risks and consequences of board-level conflicts.
