Question

1. Compare the implementation of a compliance program with the risk management process.

a. Describe the procedures that should occur after a compliance program is implemented.

b. Dwight is the new Chief Risk Officer (CRO) and head of internal audit for a large, multi-national organization. When he reviews the organization’s compliance program, he finds that the procedure in the employee handbook directs employees to report questionable practices to their direct supervisor. Explain whether Dwight should change this reporting practice

Answer 1

Answer:

Comparison between the implementation of a compliance program with the risk management process is as follows:

1. Non-Compliance can trigger expensive fines and risk management depends on determining risks worth taking:

Non-compliance can lead to reputation damage, whereas, risk management depends more on analyzing whether the risk is worth taking or not.

2. Compliance program is tactical and risk management is strategic approach:

Implementation of Compliance program based on adhering to rules and regulations. Whereas, the risk management process is more strategic approach as it is more on the side of making strategies to eliminate risks.

A. AUDIT:

           

After the compliance program is implemented the ‘Audit ‘procedure comes into picture.

Audit is a review whether an organization has adhered to the rules and regulations. A report is generated through audits, which evaluates the correctness of compliances and its deviations.

The main object to conduct an audit is to assess the effectiveness of the business compliance practices, its rules and regulations.

B. The audit performed by the new CEO, shows that the employee reporting practice includes reporting of questionable practices to the direct supervisor, is right and should not be changed. Because, the reporting practices are based on organizational hierarchy structure and for proper flow of information and solutions thereof, it should go through proper hierarchy only.