Compliance monitoring is probably an established method of assuring ourselves that regulatory risk is being well managed. However, if your monitoring is not feeding your risk assessment, there is a fatal flaw.

Compliance monitoring is the idea that we, as the second line of defence (2LOD), provide assurance over the business and its policies, procedures and controls.

In principle this is sound: it is part of the three lines of defence (3LOD) model and, generally speaking, it is accepted by regulated businesses as best practice.

The real challenge, then, is not the principle but the execution, and in particular how we integrate the outcomes of this assurance exercise into our decision making and our risk-based approach.

My experience tells me that the best way to do this is by bringing your outcomes into your overall risk management process. Practically, this means that your business risk assessment should house the assurance outcomes; this is a way in which you can then attribute a confidence level to your assessment of residual risk.

If you’re not doing this, you probably have a risk in your risk management process.


This website and its content is copyright of Perrin Carey Limited © 2020-2021. All rights reserved.
