Compliance & Risk Management
The discipline of risk management involves the identification of the different types of risks that an organisation faces in conducting its business, assessing the impact of those risks on the organisation, determining the risk appetite of the organisation and putting in place appropriate risk management procedures and controls. The risks faced by an organisation are varied and can include operational risk, fiduciary risk, market risk, credit and counterparty risk, legal risk and reputational risk.
- Compliance is about meeting particular acknowledged obligations that may have a mandatory component to them. Risk management does not have a mandatory component to it, as the organisation may determine how it wishes to deal with risky situations.
- Compliance uses risk management techniques to prioritise its application but all compliance risks are required to be dealt with in some fashion.
- Risk management deals with issues that are both mandatory and non-mandatory for an organisation to undertake.
- Compliance identifies all the obligations and then uses risk management techniques to prioritise the response in terms of implementing control procedures, levels of monitoring, reporting requirements and resource allocation.