HARMONISING ENTERPRISE POLICY GOVERNANCE, RISK MANAGEMENT AND INTERNAL CONTROLS INTO ONE HOLISTIC ASSURANCE FRAMEWORK

In today’s rapidly evolving business landscape, organisations face a range of challenges that demand an integrated approach to enterprise policy governance, risk management and internal controls.

As such, it is crucial to recognise the wide range of risks that are subject to increasingly stringent regulation. Trade sanctions and export controls are one example: they have gained prominence with the escalation of recent geopolitical tensions and the rise of domestic protectionism.

Heightened data security risks arising from digitalisation and artificial intelligence, together with forthcoming environmental, social and governance (ESG) legislation, are further noteworthy examples. Siloed approaches are therefore no longer sufficient to address the complexity of modern enterprise operations and the constant evolution of the risk areas affecting global organisations.

What is needed instead is a framework into which new risk areas can be assimilated on the basis of a simple, common set of criteria, rather than by creating a new governance silo for each one.

The ‘chicken or the egg’ in risk, policy and controls management

In risk, policy and controls management, the choice of starting point is crucial. Should the work begin with process mapping, so that the exact workflow is understood, documented and internally aligned before anything else? Or is it more effective to start by identifying the inherent risks, and let those dictate which processes require documentation?

Ultimately, understanding inherent risks and implementing the relevant controls are highly interdependent. Both should be grounded in solid process mapping and in requirements documented in enterprise policy documents. The key is to integrate these elements seamlessly into a single, comprehensive and effective management system.

Apr-Jun 2025 Issue

Novartis International AG