Sunday, March 7, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Risk

Risk Assessment: A Natural Partnership for Internal Auditors and CCOs

by Michael Volkov
May 26, 2015
in Risk
Risk Assessment: A Natural Partnership for Internal Auditors and CCOs

This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.

We all know our favorite things and people who fit together well – milk and cookies, peanut butter and jelly, chips and salsa, Tracy and Hepburn, Martin and Lewis, Abbott and Costello and many other great combinations.

In the corporate compliance world, Chief Compliance Officers and Internal Auditors are natural allies. They often report to the same Board committee, share a common perspective on corporate operations and are aimed at identifying and preventing misconduct.

They often coordinate with each other to monitor and audit corporate operations with a slightly different perspective – financial controls for the auditor and overall ethics and compliance program requirements for the CCO.

In this process, there is one area where CCOs and Internal Auditors should coordinate and build a strong working relationship: risk assessments. I am often surprised when I learn that a CCO and an Internal Auditor do not work together on this issue. While they may use the information collected for different purposes, there is a significant economy to having one risk assessment process conducted for use by both the CCO and the Internal Auditor.

The Internal Auditor uses the risk assessment information for a very specific purpose: developing an audit plan for the upcoming years. In addition, the risk assessment data helps an Internal Auditor not only to identify where to conduct audits in the company, but also provides important information for the Internal Auditor to determine the type and focus of an audit.

For example, if the risk assessment identifies extravagant gifts, meals and entertainment as a high risk in China, the Internal Auditor may focus the audit of the China operations on such expenditures and surrounding internal controls. On the other hand, if the risk assessment identifies tendering procedures in the Middle East as a high-risk activity, the Internal Auditor may focus the audit on such activities and surrounding controls.

The CCO uses a risk assessment not only for identifying and prioritizing risks for design and implementation of compliance controls, but also for conducting compliance audits for specific company operations, depending on location, product line or other risk factors associated with individual operations.

A CCO can use risk assessment information to decide on training activities for the next few years, as well as when considering new or enhanced controls to mitigate relevant risks.

A CCO and an Internal Auditor need to coordinate their own joint plans for conducting audits of company operations, focused on compliance and financial issues. This is a critical joint activity that requires CCOs and Internal Auditors to rank risks, allocate resources to different types and levels of audits and design a plan relying on both audit and compliance staff to carry out the projected audits.

Internal auditors frequently rely on survey information to develop their risk assessments. CCOs should piggyback on this same procedure and build in appropriate questions and data needed to assess risks for compliance purposes. Working together, they should conduct this assessment each year, coordinate the results and analysis and use the risk assessment information as foundation for their respective and joint activities.

Internal auditors often have the same complaints as CCOs about the lack of resources and staff. This is one area where they can reduce their respective costs and facilitate coordination with each other.


Previous Post

Organizational Culture in Corrupt Companies

Next Post

The Importance of Risk Culture

Michael Volkov

Michael-Volkov-leclairryan Michael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services.  He can be reached at mvolkov@volkovlaw.com. Michael has extensive experience representing clients on matters involving the Foreign Corrupt Practices Act, the UK Bribery Act, money laundering, Office of Foreign Asset Control (OFAC), export controls, sanctions and International Traffic in Arms, False Claims Act, Congressional investigations, online gambling and regulatory enforcement issues. Michael served for more than 17 years as a federal prosecutor in the U.S. Attorney’s Office in the District of Columbia; for five years as the Chief Crime and Terrorism Counsel for the Senate Judiciary Committee, and Chief Crime, Terrorism and Homeland Security Counsel for the Senate and House Judiciary Committees; and as a Trial Attorney in the Antitrust Division of the U.S. Department of Justice. Michael also maintains a well-known blog: Corruption Crime & Compliance, which is frequently cited by anti-corruption professionals and professionals in the compliance industry.

Related Posts

blue road sign with arrow on black asphalt background

Dynamic Risk Governance: Linking Strategy and Risk Management

February 15, 2021
three red dice on green felt tabletop

The COVID Trio: 3 Top Risks from a Year of Upset

February 4, 2021
Deloitte: Global Risk Management Survey, 12th Edition

Deloitte: Global Risk Management Survey, 12th Edition

February 2, 2021
illustration of businessman holding giant shield to protect him from falling arrows

Is Your Risk Culture Aligned With the Realities of the Digital Age?

February 2, 2021
Next Post
The Importance of Risk Culture

The Importance of Risk Culture

OneTrust offers download to demonstrate privacy management leadership
Access realtime data
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence ESG fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights