Enterprise compliance is a centralized, coordinated approach to ethics and compliance program design and assessment that cuts across multiple business units within an organization. It is a programmatic approach, built from the top down, that focuses on the specific risks the organization faces.
An organization’s overall enterprise compliance program can be based on a number of frameworks, such as the U.S. Federal Sentencing Guidelines and the Committee of Sponsoring Organizations of the Treadway Commission (COSO), and it includes broad compliance risks in addition to legal/regulatory compliance risks.
Corporate compliance programs can best be thought of as addressing four distinct “layers” of compliance:
- Involuntary for everyone
- Involuntary for a particular industry
- Involuntary for a particular geographic footprint
- Voluntary for strategic or operational excellence.
To design and implement an effective and efficient enterprise-wide compliance program, a company needs to create and maintain the people, processes and information/technology for each of the compliance “layers.” Our broad understanding of all these issues can help the chief compliance officer bring greater value to the organization.