RC: In your opinion, how important is it to incorporate robust ethics, integrity and compliance standards into risk management strategies?

Penman: It is very important. Robust ethics, integrity and compliance programmes are critical elements of any enterprise risk management (ERM) strategy. It is clear from all of the best practice guidelines and regulatory guidance that a strong and effective ethics and compliance programme is expected to be built on a foundation of a comprehensive ethics and compliance risk assessment. Compliance programme elements should then be specifically designed to mitigate the key risk areas identified as part of an overarching risk assessment and strategy process. It is also important to recognise that risk management goes beyond ethics and compliance, and gets into areas of operational risk, reputational risk and financial risk. These risks are typically addressed holistically through an ERM process where compliance is one aspect of the review. Today, many organisations are now also appointing chief risk officers (CROs), and if that person is not the CCO, the two of them should be joined at the hip.

Apr-Jun 2017 Issue

NAVEX Global