With the increase in global regulations and directives and the rising expectations of various stakeholders, companies are exposed to greater compliance risk than ever before. The risks that can result from potential compliance violations can be financial or organisational and can damage a company's hard-earned reputation.
So what should companies do? Companies should carry out risk assessments to identify and manage the different types of organisational risk. A compliance risk analysis is also recommended by ISO 19600 and IDW PS 980, and the German Corporate Governance Code recommends the analysis of compliance risks as the basis for a compliance management system.
Different types of risk affecting different parts of the company can be examined: these include the strategic, financial, legal and personnel compliance risks to which the company is exposed. The probability of a risk occurring, the reasons for it and the potential severity of its possible effects must all be taken into account. For example, companies should keep a close eye on which competition or anti-corruption laws apply in which countries and what obligations they impose.
It is advisable to create a framework for this, in which the risks of the different areas of the company and the assessment of those risks are recorded. Developing such a framework and methodology can help companies determine the extent to which risk mitigation activities (e.g. employee training) are able to reduce risk. A compliance management system can be helpful here to map and document all components in a digital system.