Guidelines for the Compliance Function

The need to establish a compliance function will depend on, amongst other things, the industry and the organization, although typically the drivers are regulatory requirements and/or exposure to the risk of violating laws and regulations. Examples of this can be corruption risk or reputational risk. For some industries/organizations, it is a legal requirement to have a compliance function.

In this guidance we have tried to describe «best practice» for compliance functions regardless of industry, regulation and size. It does not cover the legal requirements to which compliance functions may be subject; rather, it introduces the basic principles of the function. Individual adaptations will naturally depend on each organization’s nature, size and risk profile.

Assessing & Managing Strategic Risks

Research on internal audit stakeholders conducted as part of The IIA’s Common Body of Knowledge (CBOK) 2015 study confirms that executive management and directors expect and value internal audit expanding its roles to include both providing assurance over the organization’s strategic risks and assisting management to enhance their risk management processes over strategic risks.

While the book discusses key concepts and possible roles and activities for internal audit related to strategic risks, the primary focus of the book is on two key processes: the assessment of strategic risks and strategic risk management. It provides frameworks on strategy and strategic risks and a basic strategic risk assessment methodology. Also included are helpful tools such as strategy maps, risk heat maps, a strategic risk management diagnostic, and detailed process charts.

This book is designed to provide internal auditors with sound, practical advice that can better enable them to meet this critical challenge and add this dimension to their existing risk assessment processes. Strategic risks and strategic risk management also represent areas of significant opportunity for internal auditors to «up their game» and more closely align the activities of internal audit to the achievement of their organization’s overall business objectives.

About the Authors:

Richard (Dick) Anderson, CPA, is a clinical professor in the Center for Strategy, Execution, and Valuation, and the Strategic Risk Management Lab at DePaul University. A frequent author and speaker, his articles have appeared in Internal Auditor, Financial Executive, Journal of Business Strategy, Internal Auditing, Director’s Monthly, and Journal of Accountancy.

Mark L. Frigo, PhD, CPA, CMA, is director of the Center for Strategy, Execution, and Valuation, and the Strategic Risk Management Lab in the Kellstadt Graduate School of Business at DePaul University. The author of seven books and more than 100 articles, his work is published in leading business journals, including Harvard Business Review.

COSO Internal Control – Integrated Framework (Executive Summary)

The Norwegian translation (Internkontroll – et integrert rammeverk) of the Executive Summary from the updated version of COSO’s Internal Control – Integrated Framework.

This summary provides an overview intended for the board of directors, the chief executive officer and other members of senior management. The framework itself, with its appendices, defines internal control and describes the requirements for appropriate and effective internal control, with components and relevant principles.
