ISO 19600: A Risk-Based Approach to Compliance Management
Steven Minsky | May 7, 2015
LogicManager has long believed that an Enterprise Risk Management methodology, also known as a risk-based approach, is the best way of accomplishing any type of organizational governance. With risk as the common factor, governance activities become standardized and comparable, enabling better decision making.
As it turns out, the International Organization for Standardization, or ISO, agrees.
ISO 19600:2014 is a guideline for compliance management systems, designed to establish an effective and responsive method of accomplishing good governance. ISO 19600 accomplishes that goal by adopting a risk-based approach.
“Compliance management goes beyond the mere satisfaction of legal requirements. Compliance is also related to meeting the needs and expectations of a wide range of stakeholders. Therefore making sound choices and the setting of priorities is an important part of compliance management. ISO 19600 follows a risk-based approach to compliance management that is aligned with ISO 31000.”
Organizations benefit from a risk-based approach by improving their ability to prioritize compliance concerns and by adding context to compliance obligations. The guidelines recommend stakeholders consider, “What is the risk (threat or opportunity) if I do (not) adopt a stakeholder’s need as a compliance obligation?” Or, in other words, what can go wrong? Risk management software can support the compliance management process by automating communication and improving the aggregation and analysis of data.
Based on the results of the compliance risk assessment, controls and monitoring can be implemented to ensure organizational goals are met. The end result is the iterative ERM process of identifying, assessing, mitigating, and then monitoring risk.