Objective II is designed to provide a company with a dynamic and iterative process for identifying and assessing risks. For the compliance practitioner, none of this will sound new or even insightful; however, the Framework requires a component of management input and oversight that was perhaps not as well understood.
Discussion. The SEC has made it clear that companies should be expanding their view of risk in implementing the COSO 2013 Internal Controls Framework. Obviously, risk assessments are a cornerstone of a best practices compliance program as laid out in the 2012 FCPA Guidance and in the DOJ’s Evaluation. The regulators are telling companies specifically that they should be seeing new risks that they need to address because of the changes brought about by the new standard.
Three key takeaways:
1. Risk assessments are required under the COSO 2013 Internal Controls Framework, the 2012 FCPA Guidance and almost all other best practices compliance programs.
2. Look at your risks across your organization and not in a siloed manner.
3. Risks, both their determination and their management, change over time, so be cognizant of changes in business practices on the ground.