BREAKING DOWN SILOS: COLLABORATION IS KEY TO MANAGING COMPLIANCE RISK
In today’s increasingly complex regulatory landscape, organisations face a growing challenge: identifying, assessing and managing compliance risks that are increasingly deeply interconnected. Nowhere is this more evident than in managing third-party risk, a domain consistently at the centre of major enforcement actions under the US Foreign Corrupt Practices Act (FCPA).
Historically, organisations have relied on separate functions – compliance, internal audit and enterprise risk management (ERM) – to address different aspects of risk. However, as regulators and enforcement agencies sharpen their focus on systemic weaknesses and holistic governance failures, siloed approaches are no longer sufficient. Instead, organisations must adopt integrated and collaborative models that unify these functions to achieve a comprehensive and consistent view of compliance risk.
Compliance, internal audit and ERM functions traditionally operate with distinct mandates. Compliance focuses on adherence to laws, regulations, company policies and ethical standards. Internal audit provides independent assurance regarding the effectiveness of controls. ERM identifies and assesses enterprise-wide strategic and operational risks.
Although each function is critical, a lack of structured collaboration can result in duplicative risk assessments, inconsistent risk ratings or taxonomies and gaps in risk coverage.
Research on ‘connected risk’ highlights that organisations frequently struggle to identify interdependencies among risks due to siloed systems, inconsistent frameworks and limited information sharing.
These challenges are particularly acute in third-party risk management (TPRM), where responsibility may be fragmented across procurement, legal, compliance, cyber security and operational teams.
