Risk Management Insights

12/09/2018 / Enterprise Risk Management, Risk Analytics, Compliance Management

Managing Risk with the Second Line of Defence Launchpad

The Second Line of Defence Launchpad within the Protecht.ERM system is an effective and interactive visualisation designed specifically for the Line 2 Risk and Compliance Management teams to use in their role of reviewing and challenging Line 1, together with independent reporting and escalation. Read on to find out more.

Why a Launchpad?

A Launchpad can be configured as the first screen a user sees when they log into Protecht.ERM. This ensures that users first see the most important and relevant information to carry out their responsibilities.

15/08/2018 / Risk Management, Risk Appetite, Compliance Management, Decision Making

Can I? Should I? Would I? Using compliance as a decision making tool

Compliance is the act of “conforming to rules”. Deciding to, or not to, conform to rules affects the decisions we make. Compliance is therefore an integral part of decision making.

The question is “What are the rules that we will apply in our business decisions?” These rules can come from two primary sources as described by the ISO 19600 Standard: “Compliance Management Systems”. This standard recognises two main types of compliance obligations:

• Compliance Requirements: Requirements that an organisation has to comply with. These normally arise from external regulatory requirements and contractual requirements.

• Compliance Commitments: Requirements that an organisation chooses to comply with. These are normally manifested through internal policies, practices, codes of conduct, etc.

03/05/2018 / Compliance Management, Enterprise Risk Management

Understanding Compliance Risk

Today, corporations and government agencies are facing an unprecedented wave of regulatory obligations and increased penalties for non-compliance. The financial services sector, as an example, needs to comply with a myriad of prudential regulations, federal privacy, AML/CTF, consumer credit and protection laws to name a few. Obligation registers now contain over 1,000 entries for compliance teams to deal with. In smaller organisations, these teams are often under-resourced due to compliance being a cost centre.

In this blog, we will discuss issues around some of the complexities of effective compliance risk management.

16/01/2018 / Risk Management, Compliance Management, Protecht News & Events

Compliance Management in the Aged care industry and more topics... 'DUX Awards'

Interview with Robert James - A Personal story

As one of the leaders of Protecht, I am very fortunate for the opportunity to meet new people all the time. Those friendly conversations that happen at any major event or at any small meeting are the interactions that shape my role and give me new perspectives on risk and compliance management.

One of the entities that encourages valuable interactions is the Governance Institute of Australia. Twice a year I am invited by the New South Wales Chapter to present their Dux Awards for Risk and Compliance, a recognition that Protecht has been sponsoring for the past 5 years and that has become a tradition for us to support. Coming to this event gives me the opportunity to talk to professionals from a wide number of industries and discuss the present and future of risk, compliance and governance.

20/11/2017 / Compliance Management, Risk Management, Risk Culture

Compliance Risk Management Real Example

Gorillas and Bears – Comply or Die!

The story of Harambe, the Cincinnati Zoo’s much-loved gorilla, attracted global interest. A defenceless animal was shot and killed to save a child who had fallen into its enclosure, not to mention the trauma suffered by the child. Investigations have since found that the barrier separating the public from the gorilla was not in compliance with primate-housing standards and requirements.

This simple story serves as a reminder of the real reason for the compliance requirements and obligations we face: the protection of the various stakeholders of our businesses.

12/09/2017 / ERM, Compliance Management, Risk Culture

Reputation Damage - Risk Event or Risk Impact?

Looking back over the last 12 months, corporate scandals continue, with the finance industry seemingly always managing to make the headlines. The Wells Fargo fake accounts scandal in the US and the CBA anti-money-laundering failures in Australia are two examples. The flow-on effects from these scandals are often similar:

  1. Executives and CEOs involved are ushered out the door, and key person risks arise.
  2. Fines have been or will be imposed by regulatory agencies, and these seem larger and more punitive in recent years.
  3. Class action lawsuits are attempted on behalf of disgruntled shareholders, resulting in additional legal fees and potential settlement costs.
  4. Strategic growth objectives are derailed, as the companies involved need to batten down the hatches to recover from the scandal.

24/08/2016 / Compliance Management

What is the definition of Compliance? – Components.

Compliance Framework – Other components: Attestations, Breach Registers, Culture

In a previous article we wrote about the Key Components of a Compliance Framework and the importance of the Obligations Register and the relevant rules. We also mentioned that once the rules are understood, other processes must be put in place to ensure the rules are met and that assurance is provided to senior management and the board.

How can we achieve this assurance?

By implementing the following components in your compliance process:

  • Attestations - Compliance questions can be created from key obligations and distributed to staff and executives for regular and periodic attestations that they are compliant with the relevant obligations or their underlying controls (refer Fig 1).

    The objective of these questions is twofold: first, to remind staff of their obligations, and second, to give comfort to Executive Management and the Board that staff are being (or at least trying to be) compliant with their obligations. Attestation reporting should aggregate responses by key risks and obligations and present the trend of compliance/non-compliance over time.

    Taking this process one step further may involve providing evidence of compliance to support the attestation. This may be achieved by attaching a document or equivalent to the attestation response.

15/07/2016 / Compliance Management

What is the definition of Compliance?

Key Components of a Compliance Framework – The Obligations Register

Compliance is an outcome of conforming to a rule. That rule may arise from an external source such as a law or regulation, or an internal source such as a policy, code or control. Compliance with these two main sources gives rise to external and internal compliance.

The issue for an organisation is how to conform to these rules. This is the key objective of a compliance function. This blog provides an overview of one of the elements that need to be considered when building an optimal compliance function.

Understanding what the relevant rules are – plain English Obligation Registers

Before we can consider conforming to a rule, we need to comprehend what the rules are and what they mean. For external compliance, this necessitates having an understanding of relevant laws and regulations and how they apply to our organisation. This is typically achieved through an Obligations Register that contains information such as:

  • Act or regulation
  • Sections of relevant legislation
  • Penalties for non-compliance
  • Frequency that obligation occurs
  • Obligation owners and interested parties
  • Risk rating
  • Compliance status

23/03/2016 / Compliance Management, Risk and Control Self Assessment, Operational Risk

Operational Risk Management 4 – Compliance Management and Compliance Risk Management


This is the fourth article in the series “Learning from yourself as an expert already”. The first blog addressed Key Risk Indicators (KRI) and the second and third addressed the Risk and Control Self Assessment (RCSA) process. This blog addresses Compliance Management and Compliance Risk Management.

The extent of personal compliance management depends heavily on the country in which you reside. Some countries have few rules and nature seems to take care of itself. Other countries have many laws and regulations over personal behaviour, from strictly enforced speed limits to drinking laws. As an Australian, I am more used to the latter; Australia, and New South Wales in particular, is often now referred to as the “Nanny State”! Regulatory compliance requirements are everywhere!

The starting point for compliance in your personal life is, therefore, to understand the laws and regulations that are applicable to you. These are often written in a way that is not easily understood, and we have to interpret them into plain English to work out what they really mean for us. Ignorance of the law, as we know, is no defence.

15/05/2015 / Compliance Management, Risk Management, Performance Management

From Regulatory Compliance Risk Management to Performance Management

Changing the Value of Risk Management in the Australian Property Sector
“No risks here, leave us alone, say property industry leaders” (AFR, 27th September 2014).

While the Reserve Bank continued to express concerns about the continuing surge in demand for Australian office towers, shopping centres, industrial facilities and residential property, the heads of the leading property sector firms downplayed potential risks to their businesses – “No risks here”.

So what has been the major risk focus of the property sector over recent years?
