Today the scope of compliance is much broader and its impact on business far greater than ever before. Despite greater regulation and the risk of noncompliance, some companies may not be taking their responsibility for identifying and managing compliance risk particularly seriously. Organisations should Identify, prioritize, and assign accountability for managing existing or potential threats related to legal or policy noncompliance—or ethical misconduct—that could lead to fines or penalties, reputational damage, or the inability to operate in key markets.
A survey conducted in 2014 by Compliance week indicates 40 percent of companies did not perform an annual compliance risk assessment. Further a study conducted by IIA indicates 38 percent of chief audit executives (CAEs) did not use compliance or regulatory requirements as a resource to establish the audit plan.