RISK INTELLIGENT COMPLIANCE

R&C: Could you explain why companies need to take a systematic approach to identifying and assessing risks? How can risk intelligent compliance help in this regard?

Shih: In today’s increasingly complex and interconnected operating environment, companies need to take a systematic approach to identifying and assessing risks. After all, no risk, no reward – companies generate profit by making risk-based decisions. With companies having access to large amounts of internal and external data, risk intelligent compliance allows them to leverage this data to review all relevant risk factors, prioritise based on the highest risks, and use the outputs for informed decision making. Risk intelligent compliance helps companies to ensure consistency, so the entire company follows the same risk criteria and scoring methodology, enabling leadership to have a comprehensive view of the risk landscape and control environment. It can also help to improve efficiency, as the information gathered can be used by multiple stakeholders, thereby reducing duplicative efforts across the company. Additionally, risk intelligent compliance will help streamline processes and control optimisation, thus reducing inefficiencies and redundant controls, leading to cost savings.

R&C: In your experience, do most companies tend to lack a well-defined system of risk governance, or have established risk governance in silos rather than at the enterprise level?

Ruiz: Most organisations focus on growth and building toward success. Attention to risk management activities tends to be reactive, and risk functions need to be developed in response to internal or external loss events. Due to the tactical approach many companies have, risk management tends to be in silos and focused on function or area, rather than at the enterprise level. As organisations grow and mature, enterprise-wide risk governance activities tend to become more prevalent because an enterprise-wide approach can yield greater efficiencies and cost-effectiveness. More heavily regulated industries, such as the financial services and healthcare sectors, also tend to have more robust enterprise risk governance.

Apr-Jun 2025 Issue

BDO USA, P.C.