Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Risk Management > Compliance and Governance - Relationship to RM > Flashcards

Compliance and Governance - Relationship to RM Flashcards

1
Q

What is compliance significant in terms of RM?

A
  1. Organisation’s risks are managed by its employees, at all levels, taking or controlling risks.
  2. COMPETENT employees, who comply with prevailing requirements, may add organisational value.
  3. INCOMPETENT employees, who do not comply with prevailing requirements, may erode organisational value or create risks.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are six compliance governance risks?

A
  1. Failure to follow health and safety procedures.
  2. Diversity and discrimination issues.
  3. Bribery.
  4. Hiding control weaknesses.
  5. Failure to declare conflict(s) of interest.
  6. Fraud.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How are compliance, governance and risk related?

A
  1. COMPLIANCE: RM frameworks must be compatible and COMPLY with applicable laws and regulations.
  2. GOVERNANCE: RM frameworks must fulfil stakeholder requirements and further achievement of organisational objectives, in terms of their design and implementation.

=> Weak compliance and governance can create significant organisation risk; such risk must be identified, assessed, monitored and controlled.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What six features should a compliance policy have?

A
  1. Explanation of NECESSITY for the policy - more likely to be followed.
  2. BOARD/top-down support - more likely senior management/staff will follow policy.
  3. Relevant RISK MANAGEMENT PRINCIPLE(S) (e.g. environmental protection; health and safety).
  4. Personnel ROLES and RESPONSIBILITIES.
  5. SANCTIONS for non-compliance - EMPLOYEE and ORGANISATIONAL CONSEQUENCES.
  6. Provision for PERIODIC REVIEW.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What three forms of compliance are there?

A
  1. Compliance with organisation’s INTERNAL POLICIES and PROCEDURES.
  2. Compliance with APPLICABLE LAWS and REGULATIONS.
  3. Compliance with elected GUIDANCE, STANDARDS, GUIDELINES and CODES OF CONDUCT (e.g. ISO 31000:2018).
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What three forms of compliance are there?

A
  1. Compliance with organisation’s INTERNAL POLICIES and PROCEDURES.
  2. Compliance with APPLICABLE LAWS and REGULATIONS => IMPOSED STANDARD / LITTLE COMPLIANCE DISCRETION.
  3. Compliance with elected GUIDANCE, STANDARDS, GUIDELINES and CODES OF CONDUCT (e.g. ISO 31000:2018) => VOLUNTARY / OFTEN MORE COMPLIANCE DISCRETION.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What three mechanisms exist for enforcement of compliance standards?

A
  1. Compliance management policies and procedures - e.g. expected behaviours; role and responsibilities.
  2. Compliance reporting and escalation processes:
    - Periodic reporting generally prepared by co-sec or governance professional.
    - Reporting given to board of prevailing requirements, attendant control measures and effectiveness of the same (via evidence).
    - Escalation processes communicate ineffectiveness of controls - may arise from audit finding, compliance control checks or whistleblowing.
  3. Compliance training and communication:
    - Training to convey importance of complying with laws and regulations, and operating compliance controls effectively.
    - May be delivered internally or outsourced.
    - Multiple communication media possible - emails, memos, team discussions, away-days - with varying success degrees.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the compliance function’s six key roles in terms of risk-based compliance?

A
  1. Remaining current with legal and regulatory changes.
  2. Informing managing about new legal and regulatory changes.
  3. Communicating with legal agencies and regulators.
  4. Monitoring effectiveness of compliance procedures and controls.
  5. Compliance monitoring reporting to management and the board.
  6. Collaborative and constructive response to remediate non-compliance events.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What does the three lines of defence approach involve in terms of RM governance?

A
  1. OPERATIONAL MANAGEMENT: Day-to-day decision-making responsibility; required to ensure decisions are compatible with organisation strategy and RM objectives.
  2. RISK MANAGEMENT: Oversight of how risks are taken, assessed and controlled; responsible for design and implementation of RM framework, and reporting to management and board.
  3. INTERNAL AUDIT: Provide board and management assurance on effective operation of RM framework; ensure design deficiencies and weaknesses are detected and corrected.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What do the five lines of assurance prescribed by means of RM?

A

Like three lines of defence, emphasis upon following RM actors:

  1. Work units (business/functional/departmental managers).
  2. Specialist units (risk/compliance/co-sec).
  3. Internal audit.

But additional focus on the following as risk governance proponents:

  1. CEO, managing director and/or senior directors - accountability for implementation of a suitable RM framework, aligned to organisational strategy, given their origination of most value-creating and -destroying risks.
  2. Board of directors.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the responsibility of the board for risk, governance and compliance?

A

UK Corporate Governance Code provides that:

  1. Board is responsible for determining NATURE and EXTENT of PRINCIPAL RISKS the organisation may take in pursuit of its strategic objectives.
  2. Board should maintain sound RM and internal control frameworks.
  3. NEDs should satisfy themselves that the RM framework and financial controls are DEFENSIBLE and ROBUST.
  4. If appropriate, empanel a board-delegated AUDIT COMMITTEE to review FINANCIAL CONTROLS, together with INTERNAL CONTROLS and the RM FRAMEWORK (unless a risk committee exists).
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What guidance does ISO 19600:2014 provide in terms of compliance management systems?

A

Four-step process governing the deployment of compliance management systems:

  1. PLAN - Establish decision objectives and necessary processes to deliver required results (e.g. re. legal or regulatory compliance).
  2. DO - Implement planned processes and check outcomes.
  3. CHECK - Study results of ‘DO’ phase and compare against PLAN phase expectations.
  4. ACT - Establish new baseline if results are BETTER/EQUAL to previous outcomes. If not, determine means of IMPROVEMENT.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

To what extent may governance, risk and compliance be integrated?

A
  1. LARGER ORGANISATIONS may integrate governance, risk and compliance functions and frameworks into a WIDER, OVERARCHING FRAMEWORK.
  2. A coordinated and integrated approach provides LESS SCOPE FOR ERROR and DUPLICATION (re. siloed approach).
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Risk Management (10 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions