
How do organizations react to compliance risks?

Once the organization's compliance risks have been identified, and taking into account the analysis of controls carried out and the risk appetite that has been defined for the organization, the time comes for Senior Management to decide what attitude to take towards each risk.

In this sense, the COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework lists the response options that Senior Management can consider in the face of a risk: avoid it; reduce it (mitigate it); share it; or accept it.


ISO 31000 Risk Management standard

The ISO 31000 Risk Management standard tells us that the options available to top management, once the risks have been identified, analyzed and evaluated, are:

  • Avoid the risk by deciding not to start or continue the activity that gives rise to it
  • Take on, or even increase, the risk in order to pursue an opportunity
  • Remove the source of the risk
  • Change the likelihood
  • Change the consequences
  • Share the risk
  • Retain the risk by informed decision.

How should organizations respond to Compliance risks?

As you can see, risk treatment consists of evaluating the options available in order to take a decision. Whether ISO 31000 or the COSO control framework is used as the reference, the Compliance Officer will have to study and analyze the need to implement additional controls, either to avoid the risk (by preventing or prohibiting the activities that could cause it to materialize), to reduce it (for example, by removing the source of the risk or by lowering its likelihood or impact), to share or transfer it (by modifying contracts with third parties or taking out insurance policies, among other measures), or to accept it (and monitor it).

It is important to bear in mind that the options the organization has for acting on its risks, when deciding how they are going to be managed, are not mutually exclusive, nor are they all appropriate at every moment; attention must be paid to the circumstances of each case and each moment in order to make an "ad hoc" decision.

Compliance Coordinator at Management Solutions
