Risk and compliance video series: 5 reasons risk and compliance control frameworks fail
Global | Video | February 2019 | 3:38
Video Details
Christian Blackwell | Hello and welcome to the next in our series of videos on risk and compliance. I am here today with Anna Phillips to talk about the five main reasons why risk and compliance frameworks actually fail. Welcome Anna, I wonder if you could start by telling us what we are seeing, or what we have seen and what we’ve learnt from our clients over the last year. |
Anna Phillips | We’re seeing that there’s a confusion about what the framework actually entails. So by that I mean that the frameworks are not sufficiently based on risk prevention but instead they're focussed on risk detection or issue resolution. So it’s important that this is avoided in order to ensure that remediation is transitioned into BAU so that there doesn’t result in an abundance of controls and multiple frameworks. So this is definitely a case of quality rather than quantity to ensure there’s adequate integration within the business. This leads me into my second point that there is a confusion about what individual’s roles are in relation to each control. So it’s important to formalise roles in order to avoid duplication of controls and responsibilities. In turn, this increases accountability which is really important within a risk and compliance framework. |
Christian Blackwell | Are we seeing any trends across firms? |
Anna Phillips | I think the key trend we’re seeing is that there is a culture that frameworks are administration. By that I mean they are seen as documentary instead of dynamic so it’s important to avoid this and ensure that controls are not based on legacy issues and that the future does not look like the past. So it’s also important to avoid supervision as a box-ticking exercise. I would say that the regulator is definitely looking at controls which are more preventative that detective so this definitely feeds into a framework which is constantly evolving rather than being a standing still piece of documentation. |
Christian Blackwell | Is there anything that firms should be looking at on a strategic level? |
Anna Phillips | One failure that we are seeing in the industry is that the frameworks are not tailored appropriately to the business. By this I mean that the components of the framework are not in line with the commercial strategy of the firm. This can be because the data the firm is basing the framework on is not aligned with control effectiveness and it’s also again in line with the failure that I mentioned before, it’s not based on the future, it’s based on legacy work. This leads me onto my fifth and final point that there are insufficient resources or resources that are not appropriately skilled. By this I mean that there is not a correct quantity of resource, the right level of skill or the right experience of resource to ensure that these failures that we’ve discussed don’t actually materialise within the business. |