(Concept Title)
distinct approaches and execution tactics for both. Non-compliance is a risk, but risk
management is not compliance.
Business is changing so rapidly that the old, reactive ways of managing
compliance risks might lead organizations to fall behind the competition or leave
them exposed to larger regulatory or reputational risks than they ever expected.
This is why some organizations are finding ways to better manage compliance
risks and be more risk intelligent, which involves being more aware of today's
risks. You need an integrated compliance model across the organization to keep
compliance risk in check, and to ensure that ethics policies are followed at every
level in the organization.
It requires a holistic approach toward managing compliance in an
organization. The goal is to provide a single, enterprise-wide solution
toward managing compliance. The benefits of an integrated compliance strategy
include reduced risk, faster time to market, reduced costs, enhanced customer
experiences, and more.
Risk managers work with companies to assess and identify the potential
risks that may hinder the reputation, safety, security and financial prosperity of their
organization. Once these risks have been identified, assessed and evaluated, risk
managers are then tasked with implementing processes and procedures to ensure
that their client is fully prepared to deal with any potential threats
(https://www.allaboutcareers.com/careers/job-profile/risk-manager).
A risk manager’s job is inspired by the mantra, “prevention is better than
cure.” It’s all about avoiding threats and mitigating the effects of those which are
essentially unavoidable.
Risk management careers are highly analytical and a large part of your time
will be focused on conducting detailed risk assessments. This process involves
analyzing documents, statistics, reports and market trends. You’ll also be required to
assess the organization’s previous risk management policies and protocols.
Risk management is also about understanding an organization’s business
objectives. You’ll need to gather information about your client’s outgoings, legal
In this study, the researcher will assess Compliance Risk Management in
business firms in the National Capital Region, with risk managers as the
respondents. The research paradigm (Figure 1) shows three frames using the
system model approach. The first frame (Inputs) contains the demographic profile,
the perceptions of the risk managers, and the problems encountered and solutions
when they used compliance risk management. Likewise, the second frame (Process)
refers to the various strategies for finding out results, and lastly, the third
frame (Output) is the updated databank on the relationship with regard to
compliance risk management variables and their significant relationship to
demographic profile, perceptions, problems encountered and upgraded solutions.
Conceptual Framework
Inputs
1. Demographic profile of the respondents:
1.1. age;
1.2. gender;
1.3. educational attainment;
1.4. years in the company; and
1.5. years experienced as risk manager.
2. Perceptions of risk manager in compliance risk management used in the business firm.
3. Problems encountered by the risk manager when they decide using compliance risk management in the business firm.
Process
Databank of the respondents:
a. Demographic Profile/Risk Manager:
a.1. Retailer/Seller/Trader
a.2. Manufacturer
b. Statistical treatment and interpretation with regards to collected data.
c. Presentation, analysis and interpretation.
Output
Updated data bank of the respondents:
Significant relationship on the perceptions of risk manager with regards to compliance risk management in the business firm
Significant relationship on the problems encountered by the risk manager when they used compliance risk management in the business firm.
1.1. age;
1.2. gender;
3. What are the problems encountered by the risk managers when they decide
to use compliance risk management in the business firm?
6. What are the solutions of the risk managers to avoid problems when they use
compliance risk management in the business firm?
Hypothesis
The study aims to assess risk managers as they use compliance risk
management in business firms in the National Capital Region. The distribution of
respondents is shown in Figure 2: sixty (60) risk managers in the National Capital
Region who have already used compliance risk management. It was delimited to
sixty (60) risk managers in business firms due to its peculiarity. This study will
be conducted from June to August 2020.
Figure 2
This chapter deals with a review of related literature and studies, which have
significant bearing on this study and will help the researcher identify the
appropriate components to include in the assessment of risk managers with regard
to compliance risk management in business firms.
Related Literature and Study
Risk managers work with companies to assess and identify the potential
risks that may hinder the reputation, safety, security and financial prosperity of their
organization (https://www.allaboutcareers.com/careers/job-profile/risk-manager).
Once these risks have been identified, assessed and evaluated, risk
managers are then tasked with implementing processes and procedures to ensure
that their client is fully prepared to deal with any potential threats.
A risk manager’s job is inspired by the mantra, “prevention is better than
cure.” It’s all about avoiding threats and mitigating the effects of those which are
essentially unavoidable.
Risk management careers are highly analytical and a large part of your time
will be focused on conducting detailed risk assessments. This process involves
analyzing documents, statistics, reports and market trends. You’ll also be required to
assess the organization’s previous risk management policies and protocols.
Risk management is also about understanding an organization’s business
objectives. You’ll need to gather information about your client’s outgoings, legal
responsibilities and environmental policies, and then evaluate the effects of any
proposed risks against these current processes.
Life as a risk manager, however, is not just about going through information
with a fine tooth comb: you’ll also need to have the ability to build relationships with
your clients and their stakeholders. For instance, based on your analysis, you’ll have
to produce risk reports, attend meetings and present your proposals to senior
members of staff.
The kind of solutions which risk managers suggest and implement are likely to
include insurance, health and safety policies, disaster recovery measures and
business continuity plans. Once these have been put in place, risk managers will
often return to organizations again in the future to conduct additional audits and
assessments.
Compliance risk is exposure to legal penalties, financial forfeiture and material
loss an organization faces when it fails to act in accordance with industry laws and
regulations, internal policies or prescribed best practices
(WhatIs.com). Compliance risk is also sometimes known as integrity risk. Many
compliance regulations are enacted to ensure that organizations operate fairly and
ethically. For that reason, compliance risk is also known as integrity
risk. Compliance risk management is part of the collective governance, risk
management and compliance (GRC) discipline. The three fields frequently overlap in
the areas of incident management, internal auditing, operational risk assessment,
and compliance with regulations such as the Sarbanes-Oxley Act in the United States
of America. Penalties for compliance violations include payments for damages, fines
and voided contracts, which can lead to the organization's loss of reputation and
business opportunities, as well as the devaluation of its franchises.
According to John Spacey (https://simplicable.com/new/compliance-risk)
dated August 27, 2015 updated on November 05, 2016, Compliance risk is the
potential losses and legal penalties due to failure to comply with laws or regulations.
In many cases, businesses that fully intend to comply with the law still have
compliance risks due to the possibility of management failures. The following are a
few examples of compliance risks.
1. Environmental Risk - Potential for damage to living organisms or the
environment arising out of an organization’s activities.
2. Workplace Health and Safety - Risks related to all aspects of health and
safety in the workplace such as accidents or repetitive strain injuries.
3. Corrupt Practices - The potential for corrupt practices such as bribery or
fraud. Organizations are generally responsible for the actions of their employees
and agents in this regard.
4. Social Responsibility - The risk that your business activities will harm your
workers or the people in the communities in which you operate.
5. Quality - Releasing a low quality product or service that fails to meet the
expected level of due diligence in your industry or that violates laws and
regulations.
6. Process Risk - The risk that your processes will fail resulting in legal
violations such as failure to meet your responsibilities to your
Risk analysis. Once specific types of risk are identified, the company then
determines the odds of them occurring, as well as their consequences. The goal
of risk analysis is to further understand each specific instance of risk, and how it
could influence the company's projects and objectives.
Risk management strategies should also attempt to answer the following questions:
1. What can go wrong? Consider both the workplace as a whole and individual
work.
2. How will it affect the organization? Consider the probability of the event and
whether it will have a large or small impact.
3. What can be done? What steps can be taken to prevent the loss? What can
be done to recover if a loss does occur?
4. If something happens, how will the organization pay for it?
Risk management approaches
After the company's specific risks are identified and the risk management
process has been implemented, there are several different strategies companies can
take in regard to different types of risk:
directors are required to review and report on the adequacy of enterprise risk
management processes. As a result, risk analysis, internal audits and other means
of risk assessment have become major components of business strategy.
Risk management standards have been developed by several organizations,
including the National Institute of Standards and Technology (NIST) and the
International Organization for Standardization (ISO). These standards are designed
to help organizations identify specific threats, assess unique vulnerabilities to
determine their risk, identify ways to reduce these risks and then implement risk
reduction efforts according to organizational strategy.
The ISO 31000 principles, for example, provide frameworks for risk
management process improvements that can be used by companies, regardless of
the organization's size or target sector. The ISO 31000 is designed to "increase the
likelihood of achieving objectives, improve the identification of opportunities and
threats, and effectively allocate and use resources for risk treatment," according to
the ISO website. Although ISO 31000 cannot be used for certification purposes, it
can help provide guidance for internal or external risk audit, and it allows
organizations to compare their risk management practices with the internationally
recognized benchmarks.
The ISO recommends the following target areas, or principles, should be part of
the overall risk management process:
The process should create value for the organization.
It should be an integral part of the overall organizational process.
It should factor into the company's overall decision-making process.
It must explicitly address any uncertainty.
It should be systematic and structured.
It should be based on the best available information.
It should be tailored to the project.
It must take into account human factors, including potential errors.
It should be transparent and all-inclusive.
It should be adaptable to change.
It should be continuously monitored and improved upon.
The ISO standards and others like it have been developed worldwide to help
organizations systematically implement risk management best practices. The
ultimate goal for these standards is to establish common frameworks and processes
to effectively implement risk management strategies.
These standards are often recognized by international regulatory bodies, or by
target industry groups. They are also regularly supplemented and updated to reflect
rapidly changing sources of business risk. Although following these standards is
usually voluntary, adherence may be required by industry regulators or through
business contracts.
In the article "Here's a better way to do compliance and risk management"
(https://techbeacon.com/security/heres-better-way-do-compliance-risk-management),
Joydip Kanjilal states that as government regulations spread around the
globe, geopolitical, regulatory, legal, and compliance risks continue to
present challenges in the enterprise. With the proliferation of laws and rules and the
increase in stakeholder expectations, your organization may be more vulnerable to
compliance risks than ever.
Too many companies are still taking an old-school approach when it comes
to managing compliance risk. Today's issues of risk change at the speed of
business, so your strategy and process must also change quickly. Here's how to go
about doing that.
Many compliance regulations have been enacted to ensure that
organizations operate fairly and ethically. Most organizations have compliance
processes in place to make sure they adhere to all relevant laws and rules, or face
potential legal, financial, and other consequences.
Compliance risk is any threat to an organization's financial, organizational, or
reputational standing. A well-defined compliance process can reduce your
organization's overall risk of violating these standards—and facing the
consequences.
Compliance management and risk management are related, but they are not the
same thing. Risk management involves predicting and managing risks to help an
organization protect itself from risks that might eventually lead to
non-compliance. For its part, compliance management is the process of managing
Companies in the same industry and of the same size are likely facing similar
compliance challenges. What are your peers doing to mitigate such risks? Business
leaders need to come up with a unique compliance management strategy that does
not follow the same approach used by their peers.
Here's why: If you are handling compliance risk management like everyone
else, how can you gain an edge? Evolve your risk management approach by
analyzing what your organization is doing today and how it should be doing it
tomorrow.
Here are six ways in which you can handle compliance in a different way:
1. Adopt a unique compliance strategy
Such a strategy may anticipate future industry trends across business,
products, services, and geographies. This will help the organization gain a
competitive advantage through well-planned compliance management programs.
2. Technology and tools
The right combination of technology and best practices can make your
compliance process more effective. With today's tools and technologies, it is not that
difficult to stay ahead. An efficient approach for managing compliance risk is to use
tools that can extract data from your systems and then tell you what is deviating from
the desired policies.
3. Framework to manage compliance risk
One way to improve how you manage compliance risk is to build a framework
and methodology for assessing the risks. This framework should, in turn, be
comprehensive and customizable. A compliance framework refers to a set of
guidelines and policies that discuss how an organization can adhere to compliance
regulations. Typically, it is developed by the compliance and risk management teams
in an enterprise. It may be built from scratch, or existing frameworks can be
leveraged. This is at the discretion of the enterprise. Some ready-built compliance
frameworks available include the COBIT 5 Framework and the Unified Compliance
Framework.
4. Increased collaboration
Increase collaboration and functional integration among all those who are
involved in various areas of compliance, including senior managers and the
of risk. Risk, in turn, can reduce value created by business processes and create
negative returns. When considering the risk adjusted value of a business process the
overall perceived value to the organization changes (Zur Muehlen and Rosemann,
2005; Rikhardsson et al., 2006; Jallow et al., 2007; Zoet et al., 2009). To prevent
the manifestation of risk and preserve added value, effective governance needs to
be applied. To realize a proper governance structure, organizations implement
compliance and risk management and business rules
management solutions (Ross, 2003; IT Governance Institute, 2007; Tarantino,
2008).
In the paper authored by Ravesteyn, P., Versendaal, J., & Zoet, M., “A
Business Rules Viewpoint on Risk and Compliance Management”, 24th Bled
eConference eFuture: Creating Solutions for the Individual, Organizations and
Society June 12 - 15, 2011; Bled, Slovenia, they defined a meta-model in order to
answer the research question: how to integrate risk management, compliance
management and business rules management, such that it gives a complete,
accurate and usable representation for organizations? They elaborated the
difference between operational and compliance risk leading to the conclusion that
both are specific risk concerns an organizational stakeholder can be held
responsible for. Additionally they elaborated on the relationship between operational
risk, compliance risk, BRM and requirements resulting in the defined meta-model.
The metamodel has been tested on 103 situations at six organizations; the paper
discussed one particular situation in detail. The research enables us to conclude that
our meta-model contributes to the integration of the different fields. While doing so
our approach does not contradict or conflict with current languages present in the
fields of enterprise architecture or business rules. This work represents a further step
in research on synthesizing risk management, compliance management and BRM.
While that work has focused on constructing and validating a meta-model, future
research should explore a proper way of presenting, communicating and using the
meta-model. A promising approach and direction for subsequent research would be
the work of Engelsman et al. (2010), who have created a comparable model
(ARMOR). The model has significant differences though. ARMOR does not address
business rules, yet it deals with requirements and implementation mechanisms in a
There are many business ethics risk management models that are useful for
organizations to follow; however, the model for managing ethics risks must be based
on predefined ethical principles that take into consideration the interests of all
people involved.
Managers must be role models for the rest of the employees in an organization,
so that trust and loyalty become prevalent in the work environment.
Ethical issues must be approached based on predetermined ethical principles to
avoid any bias by any party.
Every enterprise must, as part of its business activities, face certain risks that
may lead to a reduction in the value of the organization, its weakening or even may
be the reason for its decline. Therefore, it is necessary to prevent these risks or
minimize their impact. And with it grows the importance of risk management, which
Veber (2014, p. 604) describes as "a systematic and coordinated way of working
with the risks applied throughout the organization, i.e. at all levels of management,
including all processes and all kinds of risks with respect to their relationships." Many
managers believe they pay close attention to the risks, however, especially in small
businesses the risks are monitored unsystematically, at random, intuitively and
informally. Quite often, the predominant belief is that the management or the owner
knows well all possible risks, so there is no need to deal with them separately.
Another pitfall is the monitoring of risks with only narrowly defined criteria, which can
lead to biased results and erroneous managerial decisions (see Alquier, Tignol,
2006). For example: the critical problem, which greatly affects the decision-making
of the enterprise, is to identify potential cost savings (Vetráková, Potkány, Hitka,
2013). Another misconception is that the term risk management refers only to
interventions, or remedial measures that are taken in response to the manifestations
of risks. This article focuses on risk analysis in a small business as part of risk
management, using methods that are suitable for such an entity, and in relation to
the other stages of risk management. The aim is to identify risks that could
significantly affect the performance of the selected small business. SMEs play
a fundamental role in society from an economic and social point of view; in Europe
they comprise 99.8% of the total number of companies (Verbano, Venturini, 2013).
consisting in e.g. the transfer of risks to other entities, the creation of reserves,
obtaining of additional information and others. It can be supplemented with any
activity aimed at reducing the adverse consequences of risks, e.g. diversification,
risk sharing and insurance. Rapid changes in the economic situation and the growing
rivalry in the competitive environment lead to displacing of the traditional approach to
risks, which was defensive and passive, according to Chevalier (1994). Therefore,
even a small business management should focus primarily on eliminating the causes
of controllable risks. This requires constantly obtaining relevant information, focusing
on better use of the company resources and developing relationships with
customers. Small and medium businesses still make insufficient use of grants and
projects, due to the lack of information and fear of potential, often unidentified, risks.
This chapter deals with the research design, instruments used, subject of the
study, sampling technique, data gathering procedure, and statistical treatment of
data, which provided the framework in answering questions posed in the study.
Research Design
Further, the study will use the descriptive method of research, which will
describe and interpret the assessment of risk manager in using compliance risk
management.
The study will involve sixty (60) risk managers in business firms in the National
Capital Region. They will be categorized as Retailers/Sellers/Traders and
Manufacturing business firms.
The list of companies will be requested and taken from the Securities and Exchange
Commission, and the risk managers shall be randomly selected based on their
availability to answer questions on a structured questionnaire.
Compliance Risk Management in the Business Firms: An Assessment
(Concept Title)
Concept by: Manuel L. Hermosa, RTU - DBA Student
Submitted to: Dr. Cecile F. Jose, Graduate Studies, Professional Lecturer
A questionnaire will be the main tool of the study, based on readings of
books, journals, and magazines. It has three parts: the cover letter, demography,
and the question proper itself.
Data will be gathered, collected, tabulated and computed based on the desired
analysis according to the statement of the problem of the study. The data will then
be subjected to analysis using descriptive statistics such as percentage, frequency
counts, standard deviation and mean to describe the profile of the respondents.
To determine the relationship of the risk managers' profile to their perception of
compliance risk management used by the business firms, and the relationship of the
risk managers' profile to the problems encountered when they used compliance risk
management in solving problems, the Pearson product-moment correlation will be
used.
References:
Abdeldayem, M.M. & Darwish, S. (2019), “Risk Management and Business
Ethics: Relations and Impact in the GCC”, International Journal of Civil Engineering
and Technology (IJCIET), Volume 10, Issue 10, October 2019, pp. 489-504, Article
ID: IJCIET_10_10_047. Available online at
http://www.iaeme.com/ijciet/issues.asp?JType=IJCIET&VType=10&IType=10
ISSN Print: 0976-6308 and ISSN Online: 0976-6316
Doupalová, V., & Myšková, R. (2015), “Approach to Risk Management
Decision-Making in the Small Business”, University of Pardubice, Faculty of
Economics and Administration, Pardubice 530 02, Czech Republic. Procedia
Economics and Finance 34 (2015), pp. 329-336
https://www.allaboutcareers.com/careers/job-profile/risk-manager
https://searchcompliance.techtarget.com/definition/compliance-risk
https://searchcompliance.techtarget.com/definition/risk-management
https://techbeacon.com/security/heres-better-way-do-compliance-risk-management