
Manage Tomorrow's Surprises Today

Steven Minsky

ISO 19600: A Risk-Based Approach to Compliance Management

Source: http://www.esv.info/download/zeitschriften/BUCO/leseprobe_2.pdf

LogicManager has long believed that an Enterprise Risk Management methodology, also known as a risk-based approach, is the best way of accomplishing any type of organizational governance. With risk as the common factor, governance activities become standardized and comparable, enabling better decision making.

As it turns out, the International Organization for Standardization, or ISO, agrees.

ISO 19600:2014 is a guideline for compliance management systems, designed to establish an effective and responsive method of accomplishing good governance. ISO 19600 accomplishes that goal by adopting a risk-based approach.

Compliance management goes beyond the mere satisfaction of legal requirements. Compliance also means meeting the needs and expectations of a wide range of stakeholders. Therefore, making sound choices and setting priorities are important parts of compliance management. ISO 19600 follows a risk-based approach to compliance management that is aligned with ISO 31000, the ISO guideline for risk management.

Organizations benefit from a risk-based approach by improving their ability to prioritize compliance concerns and by adding context to compliance obligations. The guidelines recommend that stakeholders consider, "What is the risk (threat or opportunity) if I do (not) adopt a stakeholder's need as a compliance obligation?" Or, in other words, what can go wrong? Risk management software can support the compliance management process by automating communication and improving the aggregation and analysis of data.

Based on the results of the compliance risk assessment, controls and monitoring can be implemented to ensure organizational goals are met. The end result is the iterative ERM process of identifying, assessing, mitigating, and then monitoring risk.

Learn how LogicManager customers adopt a risk-based approach to compliance management by downloading our one-page datasheet on risk-based compliance, or read about our ISO 19600 Plugin for successful implementation of compliance management standards.


In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc., the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania's Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.
