Last week, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released a new publication, called “Compliance Risk Management: Applying the COSO ERM Framework,” which describes the application of the COSO Enterprise Risk Management (ERM) framework to the management of compliance risks. Many companies are taking a closer look at these issues in light of the severe demands being placed on compliance systems during the COVID-19 pandemic.
Among the recommendations of the report are:
1. Promote better alignment among risk management, compliance and ethics functions, in order to strengthen protections against legal and regulatory pitfalls. The compliance organization should not be “siloed,” in isolation from the rest of the corporation.
2. The chief compliance officer (CCO) should have an “open and direct line of communication with the board,” in order for oversight to be exercised properly.
3. The compliance group, and the CCO in particular, should have an appropriate level of involvement in the organization's strategy-setting process to allow the timely identification of, and development of plans to manage, any compliance risks that emerge from changes in strategy.
COSO's guidance is essential reading for companies seeking to navigate the tricky shoals of compliance in the current environment.
“The compliance function should always be prepared to serve an overarching role or to step in to assist or address issues if the others are unable or unwilling to properly manage the risk,” the guidance said.