Since numerous corporate scandals became public, interest in compliance and ethics has created an important role for senior management: incorporating preventive measures for risk assessment and ethical violations. This is a change for senior management, because in the past that responsibility was placed on the legal department. More recently, the guidelines and mandates listed below, from the federal government and from ethics groups, are helping to drive that interest even further.
- The SOX Act of 2002 requires a yearly report that documents management's responsibility for attaining regulatory compliance in the areas of risk assessment and controls.
- The Federal Sentencing Guidelines were amended to include a section on risk assessment.
- COSO’s framework for compliance monitoring and regulatory reporting.
- OCEG’s guidelines for analyzing events that may prevent a firm’s compliance and ethics program from meeting its objectives.
- Regulatory compliance and/or advertising issues in Medicare and in the food and pharmaceutical industries, the capital requirements of Basel II, and the Kyoto Protocol.
Aon’s compliance and ethics risk assessment process includes four phases. First, risk identification recognizes risks by conducting internal interviews with various personnel to gather input on which risks may emerge and who they feel should be responsible for managing them. Second, risk prioritization maps out the most serious threats. Third, critical risk analysis takes those risks a step further by evaluating anything that may be threatening and using that information for decision making. Finally, the implementation phase serves as Aon’s main strategy for compliance and ethics management.