Cross-functional managers who have high-risk compliance issues within their area of control.
The committee is to develop a compliance plan. The committee will also be responsible for organizing, directing and controlling compliance activities. This will be an ongoing working committee that meets at least quarterly (more frequently initially).
- Each committee member will conduct a comprehensive risk assessment of compliance issues within the area represented. This risk assessment will be accomplished through a smaller working team within the department. Those team members will be identified on the Risk Assessment for each department.
- Each identified compliance issue will be evaluated and assigned a level of risk.
- Each committee member will then assess the current monitoring mechanisms for the high-risk areas that were identified within the department.
- Each committee member will then identify and implement additional monitoring, training or other efforts that need to be initiated to mitigate the higher risks identified.
Mitigation efforts include:
- Operating Controls: Those procedures that are applied to every event/transaction in a process to ensure compliance with the policies and procedures governing the process. This includes policies and procedures, segregation of duties and reconciliations, etc.
- Supervisory Controls: Those procedures performed by first-line management immediately after the operating controls, usually on a sample of all events/transactions, to determine whether the operating controls have been applied as designed.
- Oversight Controls: Those procedures applied periodically by senior management to ensure that supervisory and/or operating controls have been applied as designed. Examples include: status reports, exception reports, budgeted versus actual comparisons, etc.
- Internal Auditor Controls: Those procedures applied periodically by auditors outside the department to test and evaluate sample populations of events or transactions for compliance with policies and procedures.