THE ROLE AND MINDSET OF BUSINESS STEWARDS WITHIN AN INTEGRATED ASSURANCE MODEL

When companies transition from traditional compliance to an integrated assurance model, an isolated and compartmentalised strategy and organisational setup for handling ethical, risk and compliance topics is no longer sufficient to foster trust with internal and external stakeholders.

Instead, we need a comprehensive and consistent system connecting the four dimensions of governance, enterprise risk management, compliance and internal controls. Integrated assurance should be driven by a function, independent from the legal department, with sufficient authority and resources, based on a mandate from the board of directors.

This function does not ‘own’ ethics but rather facilitates dialogue within the company about ethical challenges and dilemmas, while embedding ethics and integrity within the assurance framework. As a practical example, the responsible use of artificial intelligence (AI) needs a comprehensive set of ethical commitments which forms the basis of a practical and not too bureaucratic AI risk and compliance framework.

Given the characteristics and attitudes required of individuals working in integrated assurance functions, what profile and mindset do they need?

The evolution of risk and compliance professionals

Around 20 years ago, risk and compliance professionals often had a reputation for being ‘police officers’ or ‘controllers’. Risk managers often belonged to the finance organisation, both organisationally and professionally. Even today, many companies still assign the risk management function to the finance organisation, which leads to a primarily number-driven approach to risk management based on (financial) controls.

Oct-Dec 2024 Issue

Novartis