Another mechanism for continuous improvement of your compliance program is through risk-based monitoring. Under the topic of Control Testing DOJ’s 2019 Guidance posed the following questions, Has the company reviewed and audited its compliance program in the area relating to the misconduct? More generally, what testing of controls, collection and analysis of compliance data, and interviews of employees and third-parties does the company undertake? How are the results reported and action items tracked?
Finally, the beauty of all these techniques articulated by Locwin is that they are tools that can make companies more efficient and, at the end of the day, more profitable. They also move compliance into the fabric and DNA of an organization or operationalize compliance. Her intonation to operationalize compliance speaks to the use of a wide variety of tools to input information, so you can continuously improve your compliance program. Risk-based monitoring is certainly one mechanism to obtain information and feed back into your compliance program in both the prevent and detect prongs.
Three key takeaways:
- How do you monitor manifested risks?
- A risk-based monitoring approach allows you to see things in almost real-time.
- Management of risk can serve your compliance program in a variety of ways.