COMPLIANCE RISK MANAGEMENT: APPLYING THE COSO ERM FRAMEWORK
John Galarani
Compliance Officer specializing in Corporate Investigations and Governance, Corporate Risk and Compliance (GRC)
The relationship between compliance, internal control, and enterprise risk management

COSO, in Internal Control – Integrated Framework (2013) and Enterprise Risk Management – Integrating with Strategy and Performance (2017), defines internal control as follows:

"A process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance."
As this definition clearly points out, internal control is not solely about accounting and financial matters. Compliance with laws and regulations is one of the three fundamental objectives of an organization’s system of internal controls.
The following five components of internal control support all three categories of objectives:

■ Control environment;
■ Risk assessment;
■ Control activities;
■ Information and communication;
■ Monitoring activities.

COSO defines ERM as follows:

"The culture, capabilities, and practices, integrated with strategy-setting and its performance, that organizations rely on to manage risk in creating, preserving, and realizing value."
The COSO ERM framework, like the internal control framework, comprises five interrelated components:
● Governance & culture
● Strategy & objective-setting
● Performance
● Review and revision
● Information, communication, and reporting
An important aspect of ERM is its focus on creating, preserving, and realizing value.
The compliance and ethics (C&E) program supports each of these three goals. An effective C&E program allows an organization to pursue new value-creation opportunities with greater confidence. Further, value that an organization has already created can quickly become impaired when it is accompanied by violations of laws or regulations; an effective C&E program can preserve this value and enable the organization to fully realize it.

Accordingly, the management of compliance risk is an important element of both the internal control system and the broader ERM functions and processes of an organization.
Society of Corporate Compliance and Ethics (SCCE)
Health Care Compliance Association (HCCA)
John Galarani
Compliance Officer
Rio de Janeiro/Brazil, Monday, August 19, 2024.