A recommendation – one that’s becoming a common theme – by an influential organization that guides companies on ERM advises organizations to foster closer alignment between compliance departments and risk managers.
The Committee of Sponsoring Organizations (COSO) of the Treadway Commission issued the guidance recommendation in its 2020 report, “Compliance Risk Management: Applying the COSO ERM Framework.”
COSO’s advice, which is followed closely by public companies, is aimed at helping boards of directors and management better identify, monitor and mitigate compliance risks. The report, commissioned by COSO, was jointly published in November by the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association (HCCA).
The guidance encourages organizations to better coordinate risk management, compliance and ethics functions to strengthen protections against legal and regulatory pitfalls.
The report describes the characteristics of effective compliance and ethics programs associated with each of the five components and 20 underlying principles of COSO’s Enterprise Risk Management (ERM) framework. A significant aspect of ERM is its focus on creating, preserving and realizing value. Effective C&E programs contribute to each of these objectives.
“This publication aims to provide guidance on the application of the COSO ERM framework to the identification, assessment and management of compliance risks by aligning it with the C&E program framework, creating a powerful tool that integrates the concepts underlying each of these valuable frameworks,” Sobel said in a prepared statement.
The compliance risk management publication provides guidance for risk managers, internal auditors, compliance professionals and others directly involved in managing compliance risk, as well as to assist members of senior management and boards of director in understanding their roles in compliance risk management.
“The goal of this publication is to facilitate this synergy by creating a roadmap between required and emerging practices for C&E programs and the COSO ERM framework,” said Gerry Zack, the CEO of SCCE & HCCA.