The larger and riskier the company, the more extensive the compliance requirements. Conversely, the smaller the size of the company and its risks, the lower the compliance requirements. This also affects the cost intensity of Risk Advisory & Compliance.
The implementation of a sound risk analysis is indispensable for the establishment of an appropriate and effective Compliance Management System (CMS). It is the basis for defining the required compliance culture and the compliance goals to be achieved with it in order to be able to adequately counter compliance risks and to develop an adequate and effective compliance Programme with the corresponding compliance system.
It is essential to define the compliance communication channels within the company's corporate governance that ensure the effectiveness of a CMS. Compliance management systems must then be continuously monitored and, if necessary, improved.
Necessary Risk Advisory & Compliance Steps at a Glance
- Basis for the adequacy and effectiveness of the CMS
- Attitude and behaviour of management ("Tone from the Top")
- Definition of the main objectives to be achieved with the CMS
- Determination of the relevant sub-areas and rules to be observed
- Identification of the most important compliance risks
- Systematic risk identification with risk assessment
- Introduction of principles and measures to minimise risks on the basis of identified risks
- Roles and responsibilities
- Organizational structure and procedures
- Resource planning
- Informing affected employees and stakeholders about the compliance programme
- Definition of the reporting path for identified risks, etc.
- Monitoring adequacy and effectiveness (incl. reporting)