Basic questions about Compliance risk management

Once the organization's Compliance risks have been identified, you must proceed to their analysis and evaluation (or assessment). To do this, you must know the inherent risk and the residual risk of each of the risks that appear in the organization's risk map.

The main objective of Compliance risk management is to better understand risk exposure so that informed decisions can be made about how to manage it. With this in mind, the methodology applied to the analysis and evaluation of Compliance risks will be adapted to each organization and will include as many elements as the Compliance Officer considers appropriate and the Administrative Body approves. Therefore, we must keep in mind that this exercise is unique to each company and will depend on factors such as the industry, size, location, etc.

Compliance risk management system

In accordance with the provisions of ISO 31000 Risk Management: “Risk analysis can be performed with different degrees of detail and complexity, depending on the purpose of the analysis, the availability and reliability of the information and resources available (…) The risk analysis should consider factors such as:

  • The probability of events and consequences;
  • The nature and magnitude of the consequences;
  • Complexity and interconnection;
  • Factors related to time and volatility;
  • The effectiveness of existing controls;
  • The levels of sensitivity and trust.”

On the other hand, ISO 31000 itself tells us that the objective of risk assessment is “to support decision making.” “Risk assessment involves comparing the results of the risk analysis with established risk criteria to determine when additional action is required.”

Therefore, during the risk analysis and assessment, we will determine the probability that each risk materializes and the consequences the organization would have to face if it did. This forecasting exercise will inevitably be carried out taking into account the level of inherent (also called gross) and residual (or net) risk of each of the risks that make up the organization's risk universe.

Compliance Coordinator at Management Solutions
