Risk and Compliance Management | Duthler Associates

Is your risk and compliance management adequate?

Being responsible or accountable for organizing compliance with legal, policy and contractual obligations is central to the corporate compliance function. The findings from the risk and compliance studies feed into the foundation of corporate compliance. The aim of (IT) risk management is to adequately respond to vulnerabilities in the administrative and technical organization that threaten business continuity. The purpose of the corporate compliance function is to enable management to be accountable based on baselines that include the requirements of its own policies, contractual and legal obligations.

The accountability forms a starting point for improving the organization of business activities.

Under pressure from new legislation and related supervision by competent supervisors, the supervisory or compliance burden is increasing. Chain partners are also increasingly requiring demonstrable compliance with the law and agreements. Companies of any size are used to compliance pressures. This pressure is new for small businesses. They often experience this as oppressive.

How can we help you?

Do you have questions about organising, implementing or expanding your compliance operations? Our service owner, Caroline Willemse AA RE RFG or her colleagues, would be happy to discuss your specific case.

What is our service?

Organizing the compliance function is our primary focus. Of course policy-wise, as we have done for MYOBI, for example, with a (legal) accountability, organizing compliance with policy-related, legal and contractual obligations from a tactical and operational perspective.

We set up the organization of risk management thematically. It can be part of the corporate legal function, reputation management or and IT risk management. It is always about identifying the vulnerabilities and the associated business risks, making an inventory and taking appropriate control measures. We see a growing demand for IT risk management as companies move their IT needs to the cloud and outsource management to IT agencies.

While performing the compliance work, we are happy to advise on points for improvement in the administrative organisation and internal control, the protection of company and personal data and the more effective organisation of business activities using business processes that include management and security measures “by design”.

If management experiences compliance efforts as a burden or expense, then the (company) compliance function develops with difficulty. If the management recognizes that the position can contribute to the continuity of business operations, added value is created.

Risk management in the Cloud

Companies are increasingly using cloud services. And rightly so, because the cloud offers many advantages for companies. The direct responsibilities are shifting, but the company retains ultimate responsibility and, thus, runs risks in the extended chain. Regardless of the cloud tier purchased, the company is always responsible for granting privileges, managing data, and using devices on the network.

Compliance in the Cloud

The cloud offers good opportunities to perform compliance. For example, it can be automatically determined that various standards frameworks are met. The compliance officer provides support in this regard.

Contract management and compliance

Continuously determining compliance with contractual obligations and good use of the rights can be seen as a unique form of compliance. In the contract life cycle, it is called contract management. Given the pioneering role of our professionals in organising a practical legal operation, we pay special attention to this.

Risk and compliance management on demand

We assume that a company can organise the business compliance function with the help of knowledge bases, webinars, and training. However, the company can contact our compliance professionals if this is not the case.

Frequently Asked Questions

What do we mean by the compliance operations?

There is no unambiguous definition of compliance. In the financial sector, the role of compliance officer has been elaborated and the purpose of compliance is to establish compliance with laws and regulations.

We see and provide more and more new (European) legislation with compliance arrangements. The subjects, usually the companies and the management, are responsible for organising compliance with legal and contractual obligations. They must account for the (degree of) compliance. This places the supervisory burden on the subjects.

As this legislation is pushed through with compliance arrangements, companies – regardless of size and type – will need a practical, integrated and effective approach to compliance.

We apply such a compliance approach to companies.

A company that takes responsibility – and disseminates accountability – for the realisation of its own mission and vision or its policy gains the trust of its partners (customers, employees and suppliers). It enhances her reputation.

Is the use of MYOBI Trust Network and applications necessary for organising an integrated compliance approach?

No, organising an integrated compliance approach can be organised in a traditional way. To organise an effective compliance operation, it is recommended to use the trust network. The basis for an effective compliance operation is reliable company and personal data.

What are baselines. Does this also include a framework of standards and functional and non-functional specifications for an IT system?

We describe a baseline as an overview of management objectives that a company wishes to maintain or achieve. The measures (per maturity level) are stated here, through which a company can measure whether the objective has been achieved and can make adjustments if necessary.

The baselines are based on general standards frameworks such as ISO and NEN (good practices) and legal frameworks such as the GDPR. Baselines can be made company specific by supplementing them with company objectives and contractual rights and obligations.

A baseline can also be drawn up specifically for a business activity, for example a baseline with functional and non-functional specifications for the purchase of an application in the cloud or the purchase of an IT system.

What is the difference between the term 'internal control', 'compliance' or 'internal control'?

We recognize no difference:

Chartered accountants, charged with the audit of the financial statements, use the term ‘administrative organization and internal control’. Legislators and regulators use the term “compliance (with law)” for being responsible for organising compliance with legal and contractual obligations.
Operationally, as part of the effective organisation of business activities with business processes that include control measures, company employees often talk about internal control.

Is contract management also a form of compliance?

We can regard contract management as a special form of compliance. A company makes agreements with its partner about providing a service against payment. The parties wish that the obligations are met on both sides as agreed. In terms of compliance, the partners can agree on a baseline that everyone adheres to.

Why the distinction between corporate compliance function and risk and compliance management?

Businesses are moving their IT needs to the cloud. The companies often use the cloud services of Microsoft, Amazon and/or Google (it is a pity that there are no European providers in this list). Companies appoint IT agencies for the management of their cloud tenant (rented IT environment) and then spend too little time on (IT) risk and compliance management, ensuring business continuity and achieving the promised added value is in danger.

The policy-based agreement and organizational investment of the corporate compliance function is a necessary precondition for success. We find the practical implementation in the organization in risk and compliance management, whereby the cloud suppliers make effective IT tools available.

Risk management is aimed at recognizing vulnerabilities that have an impact on business risks, identifying and taking effective control and security measures with which the company safeguards its business continuity.

Compliance management focuses on establishing compliance with policy, legal and contractual obligations.

Do you have questions or need an appointment?

Feel free to contact us via +31 (0) 70 392 22 09 or info@duthler.nl. Or contact our specialists below.

Caroline Willemse

Head of Compliance Operations

Caroline is the Head of Compliance Operations at Duthler Associates.
view profile

Call me back!