One important subtopic in the discipline of enterprise risk management is compliance risk management. Businesses around the globe must constantly navigate a web of compliance-related risks—a web that is gaining complexity every day as organizations and people become increasingly interconnected with one another.

Deloitte has leveraged its knowledge in the area of “Risk Intelligence” to publish literature on the topic of compliance risk; this recent e-booklet presents a comprehensive enterprise compliance framework. That is comprised of three major sections:

• Environment

• Execution

• Evaluation

The “Environment” section focuses business leaders on gaining an overall understanding of the compliance issues facing their organizations.

The “Execution” section of the framework explains the various components necessary to institute and run an enterprise compliance program, including issues such as establishing accountability for compliance issues, educating personnel on the organization’s compliance concerns and objectives, and even responding to instances of non-compliance.

The “Evaluation” section describes the features of the enterprise compliance program necessary to identify and assess compliance risks and to monitor the performance of the compliance program as a whole.

Each of the three major sections in the framework is divided into various subtopics. Each subtopic includes a set of critical thinking questions for readers to ask themselves about their own organizations. The questions force business leaders to think about the enterprise compliance process itself (e.g. how it’s designed, why it works or doesn’t work, who’s involved, etc.). This exercise of asking questions may help managers and board members enhance their own efforts around compliance risk management.

Take-aways

This e-book highlights key areas that should be addressed by an enterprise compliance program. If a business is able to create a well-crafted compliance process, and is able to embed the process and a sense of its importance throughout the organization, then the organization may be well-positioned to not only avoid non-compliance, but to actually be at a competitive advantage on the basis of its improved risk management process.