APPLYING THE COSO ERM FRAMEWORK
Why is this publication needed?
Compliance risks are common and frequently material risks to achieving an organization’s objectives. For many years, compliance professionals have used a widely accepted framework for compliance and ethics (C&E) programs to prevent, and promptly detect, noncompliance and other acts of wrongdoing. The COSO Enterprise Risk Management (ERM) Framework, meanwhile, has been used by risk and other professionals to identify and mitigate a variety of organizational risks, including compliance risks.
Compliance risks are those risks relating to possible violations of applicable laws, regulations, contractual terms, standards, or internal policies where such violation could result in direct or indirect financial liability, civil or criminal penalties, regulatory sanctions, or other negative effects for the organization or its personnel. Throughout this publication, “events” associated with compliance risks will be referred to as “noncompliance” or “compliance violations.”