What Organizations Have Learned From Incorporating Ethics & Compliance Into Enterprise Risk Management (ERM)

February 11, 2011
Document

ERC Research Series: Series 1

From Enterprise Risk Management: Why the Ethics and Compliance Function Adds Value

Download Key Findings

Download ERM: the full publication

Lessons from Incorporating Ethics and Compliance

Key Findings:

  • Incorporating the Ethics and Compliance (E&C) function can help transform ERM from a regulatory process into a strategic process
  • Assuring follow-up and mitigation actions is essential for ERM to have credibility
  • Effective document management and protection is key to preventing ERM from creating additional risk for the organization
  • Using tools and processes that are already embedded in the organization when doing ERM helps to sustain the changes that are driven by ERM
  • The “risk appetite” of different organizations varies widely according to the culture
  • Leadership and culture can both reduce and exacerbate risk
  • The skills and competencies of the internal E&C function can reduce the organization’s reliance on external resources for conducting ERM, and reduce cost
  • Establishing accountability for mitigating the risks that are identified is essential for success
  • The E&C function can bring a coherent and integrated understanding of the overall risk profile of an organization
  • Formalizing ERM responsibilities in job descriptions and performance reviews helps to sustain the work over time
  • The E&C function has strong capabilities to work effectively across departments and business units
  • ERM needs to respond to the organization’s culture, and it can also change that culture
