Companies are increasingly asking their risk leaders to move into areas traditionally outside the realm of insurance, claims and risk control. This session at the RIMS 2017 Annual Conference and Exhibition illustrated how to take on the responsibilities and the knowledge that come with new duties in governance, compliance, ethics and audit.
- Lance Ewing, EVP Global Risk Management, Cotton Holdings, Inc.
- Jennifer Santiago, Director Risk Management & Investigations, Novartis Pharmaceutical Corporation
Corporate governance is a system of rules, practices and processes by which a company is directed and controlled. Governance is a key element of risk management as it relates to the fabric of risk-based decision making, but are you governing in line with the company’s ethical principles?
Corporate compliance is an organization’s policies, procedures and activities to help prevent and detect violations of laws, regulations and company policies. Do your compliance programs effectively detect unethical behavior and gaps in governance and compliance? Also, are governance and compliance risks captured in your Enterprise Risk Management (ERM) program?
Enterprise risk management is a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks an an interrelated risk portfolio. Are governance and compliance risks included in your ERM program? How do internal audit and risk management interact?
Internal audit is an organization’s independent assurance that its governance, risk management and internal control processes are operating effectively. What the control failures in governance, compliance and risk management? Does internal audit provide an independent view on credibility and reliability of the risk management information submitted to the Board Audit and Risk Committee?
In the ideal world, there is a natural flow through governance, risk and compliance (GRC). Governance sets objectives and directs the organization, setting the context for risk management. Risk management aims to understand and minimize uncertainty in those objectives and reduces exposure to loss while maximizing performance. Compliance assures that the organization operates with integrity to the boundaries established in organizational values, policies, regulatory and legal requirements as well as boundaries set by risk limits and thresholds. However, in many organization, these functions are often operating in isolation, producing redundancy and gaps, while remaining ignorant of the interrelationship of risk across silos.
Creating a risk and compliance partnership is critical. There are several ways to learn more about each discipline:
- Learn more about ethics and compliance through conferences and webinars. You can also join the SCCE.
- Learn more about GRC through conferences and webinars. You can also join the OCEG.
- Spend time internally with compliance, internal audit and governance leaders in your organization.
- Tell your direct report that you want to build a bridge to compliance and governance.
- Establish and work within an ERM framework.