What's the difference between a compliance risk assessment and a standard organizational risk assessment?
General Counsel (a year ago)
I don't think there is any difference. Obviously, a well-designed compliance program must be risk-based. If companies follow the DOJ guidance, everybody will more or less have a similar one. Additionally, when a company must have an enterprise risk management assessment, which is the case for several organizations, it typically includes compliance risk and specific groups of risk. Why should we have two different types of risk assessment? It creates confusion among the Board of Directors and other stakeholders. Overall, it's difficult to compare risk that can and cannot be quantified, but this is only a matter of having the right tools. I think it's best to have one risk taxonomy and risk management system where compliance risks are included.

General Counsel (15 days ago)
The organizational risk assessment would include specific themes relevant to the enterprise's strategy and business, including talent management, employee retention risk, macro themes like geopolitical disruption, macroeconomic instability, etc. These themes typically would not feature in a compliance risk assessment, which focuses more on legal and regulatory risk.