Five questions on enterprise compliance
If you’ve noticed that the issue of compliance risk is taking more of your organization’s time and resources lately, you’re not alone. As globalization continues apace, the regulatory environment is tightening and becoming more complex around the world. As a result, leaders that have been able to “make do” with a fragmented approach to compliance are rethinking their compliance strategies as they weigh the possibility of a heightened exposure to compliance risk. “Enterprise compliance” — a coordinated approach to compliance spanning multiple businesses, organizational units, and geographies — is moving to the top of the compliance agenda for many executives. For a term that was scarcely heard of only a few years ago, this growing interest in enterprise compliance may come as a surprise. It doesn’t help that there has yet to be a clear, shared understanding of how enterprise compliance actually works.
In this issue of Risk Angles, Donna Epps, partner, Deloitte Financial Advisory Services LLP, offers some thoughts on questions executives ask her most frequently about enterprise compliance. Then, Nicole Sandford, partner, Deloitte & Touche LLP, takes a closer look at the pros and cons of a centralized versus decentralized enterprise compliance program.
This Risk Angle answers the following questions
- We're already investing plenty on compliance issues. How is enterprise compliance any different?
- Enterprise compliance may work well in a business with a fairly limited scope. But how could it actually work in a large, global organization engaged in a wide variety of very different businesses?
- Who has the primary responsibility for leading an enterprise compliance approach?
- Doesn't it make more sense to focus on compliance culture, rather than enterprise compliance?
- Why would we take on the challenge of enterprise compliance if we haven't encountered any big compliance problems to date?
It also takes a closer look at a centralized approach vs a decentralized approach