Although inconvenient to admit, a compliance program is less to ensure obedience to the law than to deflect unwanted attention from an institution's activities…
The crucial step of determining what constitutes compliance involves interpretation and judgment…
Compliance programs are good for an institution in the way that paying protection money is good for a business squeezed by the mob. If have them we must, let us recognize that the value lies in keeping the barbarians outside the gate.
Kevin R. Davis is a university counsel and a senior lecturer in philosophy at Vanderbilt University.
Grounding Compliance In Risk Management Will Help The Image
• Risk Assessment: Estimating the probability of an event occurring and the magnitude of effects if the event does occur. (Probability x Loss)
• Risk Management: Process of identifying, assessing, and controlling risks arising from operational factors and threats and making decisions that balance risks and costs with mission benefits. (From the US Army)
Compliance: Adherence to a set of rules, processes or procedures to control or mitigate risk that is determined
ERM: Latest Rage or Rubik's Cube?
“… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
• Risk Assessment
– What are the risks?
– What would the impact be if it happened?
– How likely is it to happen?
– What is the overall risk given the impact and likelihood? (risk rating)
• Risk Management
– How can we mitigate it?
– Who and when can we mitigate it?
– What is the ongoing risk and how do we monitor it?
• What is the progress of our assessments?
• What are we assessing and how?
• What are the business risks to our strategies, finances and organization?
• What are the compliance issues?
• What are our significant risks, scenarios or risk events?
• How significant are these risks and what is the impact?
• How should we manage these risks?
• How should we monitor these risks?
Charts Sources: MediRegs and Chief Security Officers.com