Compliance Risk Management: Applying the COSO ERM Framework

Society of Corporate Compliance and Ethics & Health Care Compliance Association (SCCE & HCCA)

Overview: Compliance risks are common and frequently material risks to achieving an organization's objectives. For many years, compliance professionals have used a widely accepted framework for compliance and ethics (C&E) programs to prevent, and to detect in a timely manner, noncompliance and other acts of wrongdoing. The C&E program framework is described in Appendix 1 (readers who are not already familiar with the elements of a C&E program should consider reading Appendix 1 before proceeding). The COSO Enterprise Risk Management (ERM) Framework, meanwhile, has been used by risk and other professionals to identify and mitigate a variety of organizational risks, including compliance risks.
This publication aims to provide guidance on applying the COSO ERM framework to the identification, assessment, and management of compliance risks. It does so by aligning the ERM framework with the C&E program framework, producing a single tool that integrates the concepts underlying each of these valuable frameworks.
