Enterprise compliance is a centralized, coordinated approach to ethics and compliance program design and assessment that cuts across multiple business units within an organization. It is a programmatic approach, built from the top down, that focuses on the specific risks the organization faces.
An organization’s overall enterprise compliance program can be based on a number of frameworks, such as the U.S. Federal Sentencing Guidelines and the Committee of Sponsoring Organizations of the Treadway Commission (COSO), and includes broad compliance risks in addition to legal/regulatory compliance risks.
Corporate compliance programs can best be thought of as addressing four distinct “layers” of compliance:
To design and implement an effective and efficient enterprise-wide compliance program, a company needs to create and maintain the people, processes and information/technology for each of the compliance “layers.” Our broad understanding of all these issues can help the chief compliance officer bring greater value to the organization.
As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.