How does your organization view compliance risk? Do you manage it as an exposure to legal penalties when your company is found to be out of compliance with existing industry laws and regulations? Or do you approach it differently?
Many compliance regulations were enacted to deliberately enforce fair and ethical business conduct. Critics often redefine the term compliance risk as integrity risk, since failure to follow established compliance practices and procedures places the company’s reputation on the line. On that basis, it is easy to understand why companies prefer to follow a strategy of risk tolerance, often with the implied assumption that the objective is a zero tolerance for compliance risk.