The first step to the implementation of a successful compliance program is the establishment of a Risk Appetite Statement ("RAS"). This statement, approved by the board of directors, sets forth the Board's willingness to accept risk up to predetermined levels. ICRM can aid you in developing the RAS.
ICRM can assist clients in the development or updating of the RAS with the Compliance risks present in the organization. Following the establishment and approval of the RSA, ICRM can help in the identification of the compliance risks and related Key Risk Indicators (KRIs) to help monitor those risks on an ongoing basis and to help determine if those identified risks breach on an absolute level the Board's approved risk appetite as reflected in the RAS.
ICRM, with its deep experience in processes and controls, can help to identify key controls, preventive or detective, manual or automated, to mitigate the identified risks. We Then help clients in developing and documenting the framework for evaluating risk levels, the effectiveness of controls, and the resulting level of residual risk. This framework is then implemented to provide a robust assessment of the compliance risk faced by the organization.