Compliance Audit: Evaluating and Balancing Country Risk and Regulatory Risk
Author: Lisa Bowyer, CAMS-Audit
An initial and on-going risk assessment is the foundation of any compliance system regardless of its scope and the starting point for an audit of a compliance system should be to review and evaluate the risk assessment.
Whilst a variety of risks have been identified by standard setters and regulators for more than a decade, evaluating the risk assessment presents a difficult hurdle to clear cleanly to scope the audit and produce a high quality reliable report.
The failure to accurately assess and appropriately apply country risk by an institution results in exposure to increased risk and this includes some regulatory risk.
The failure by a compliance auditor to accurately and properly evaluate the risk assessment of country risk may result in further increased regulatory risk where the Institution is mandated to arrange periodic compliance audits.