
Rethink compliance management: Take an informed approach to mitigating risk

Karima Mariama-Arthur is CEO of WordSmithRapport in Washington, DC, and Christopher Mayer is Associate Dean for Strategy & Initiatives, United States Military Academy at West Point in West Point, New York, USA.

Colonel Mayer’s views are his own and not the views of the United States Military Academy, the United States Army, or the Department of Defense.

As our world becomes more connected and equally complex through global stakeholder engagement, advances in technology, and an ever-changing regulatory framework, organizations everywhere face new challenges, increased expectations, and greater exposure to compliance risks. Yet the concept of risk is hardly straightforward. And, even though good governance rarely relies on a single approach for mitigation, the process is often siloed. This is why practicing federated compliance—true collaboration across departments—can be a game-changer for organizations that prioritize it.

Evaluating risk is designed to be a meticulous process, where heightened scrutiny is the norm, rather than the exception. For this reason, due diligence requires tangible opportunities to diagnose, troubleshoot, and provide ongoing prescriptive guidance. While all organizations must confront their fair share of common compliance issues, most are unique. A large portion is industry-specific; others arise because of changes in the regulatory landscape. Still more are triggered in times of volatility, uncertainty, ambiguity, and complexity, such as during our collective experience with the COVID-19 pandemic.

Whatever the motivation for mitigating risk, a hard truth remains: Too many organizations simply don’t know where to begin. The failure to close this knowledge gap can be disastrous, because subsequent remedial measures do not always work. According to a joint survey conducted by Deloitte & Touche LLP and Compliance Week, 40% of companies do not perform an annual compliance risk assessment. That’s 40% too many.[1]

Choosing to ignore potential risks only puts an organization’s business, financial, operational, and legal structures in jeopardy. Regulators are keen on having their compliance expectations met and are prepared to escalate enforcement when they are not. To avoid the worst result, organizations must be proactive about identifying their susceptibility to risk and implementing a compliance management program that effectively safeguards their future.

We have learned a great deal over the last two years and, as a result, have had to change the way we view and plan for risk. What follows are some important points to consider.
