Ongoing Monitoring of Compliance Risks Necessary
But the work is not yet finished. At this point the compliance risk analysis becomes compliance risk management. Compliance risks should be continuously monitored and re-evaluated as necessary, because external and internal factors are constantly changing. For example, the political situation in a country may change and, as a result, significantly alter the risk of corruption (external factor), or the company may move into a new business area that may be subject to compliance risks (internal factor).
Even independently of such events, it is advisable to review the recorded risks at regular intervals. Are the probability of occurrence and the damage level still realistic? Have the defined measures been implemented, and are they having the desired effect?
Regularly reviewing compliance risks not only helps to ensure that companies constantly question the effectiveness of their compliance program and better identify potential new risks; it is also indispensable for demonstrating a robust compliance system to external auditors and, in an emergency, to law enforcement officers.