These are challenging and complex times. COVID-19 is forcing organisations to adapt quickly and change their business model in the process. In an era of compliance, with many regulations and regional “interpretations”, leaders and organisations need to be careful about how they conduct business, who conducts business in their name and with whom. This demands extraordinary attention to the means and mechanisms used by the organisation.
Due diligence, in legal terms, entails taking reasonable steps to satisfy any legal or regulatory requirement, regardless of size or type of business conducted. Businesses also need to take any of a number of mandated steps to ensure that the organisation remains safe from any unwanted or unauthorised action taken in their behalf. For example, when making an investment such a merger or an acquisition, the organisation needs to take the appropriate action on the proper due diligence necessary to make the most informed decision possible. Being casual about the due diligence process is a failure to execute the proper level of investigation regarding the assets being purchased or financed or the management team being backed and vetted.
Where Risk Management Comes into Play…
Risk management is the identification, evaluation, and prioritisation of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application
of resources to minimise, monitor, and control the probability or impact of unfortunate events or to maximise the realisation of opportunities. A formal business discipline that relies on the forecasting and evaluation of any risks, along with identification and (where feasible or warranted) implementation of procedures to avoid or minimise their impact.
Risks can come from various sources including your employees. From a risk management perspective, the penalties on conducting business that can result from unwanted or unauthorised third-party relationships or any employee unethical business action are very high—making it imperative to perform due diligence when trying to protect your business and brand. Inadequate due diligence can easily take down an organisation; from damaged reputation to brand devaluation, from regulatory violations to fines and jail terms for directors, the risks are very high. The risks from losses of such potential magnitude should not be ignored. At such cost, implementing the most stringent and effective controls and protections in place even at a cost STILL makes absolute financial sense. And the only way to fully protect a corporation’s assets, therefore, is through a strong and viable 360 due diligence program.
> Learn more about “When is due diligence most critical?”
Managing risk and due diligence should begin with a policy and a plan. Here we will focus on the human element of risk management, specifically background investigations. Organisations need to perform due diligence to make sure that their business is adequately conducted by their employees and through their partners’ and vendors. Such insurance invariably includes regular security audits, ISO certification, pre-employment background checks, TPRM, etc…
There are several incentives to practice due diligence and perform risk management to ensure you conduct business appropriately and comply with all applicable laws and regulations. Anything less is just asking for trouble and losses!
What Can (and Should) Organisations and Risk Professionals Do?
The very first step to mitigating risks and exposures starts with a risk assessment. There are plenty of risk assessment checklists and tools available. If you want to dive deeper into how to start a risk assessment, just read our “Risk assessment breakdown: Identification, Analysis, Evaluation” to learn more. Once risk professionals get a handle on their due diligence processes and other compliance regimes, it’s time to start the entry process into the regulatory life cycle:
- Prioritisation and planning
- Implementation of a response
- Integration of related tools, technologies, audits, processes and procedures to integrate compliance into normal operations
The first steps toward achieving compliances are usually big ones and may require substantial time and effort. But after that, it’s just a matter of sticking to a routine to maintain compliance, meet reporting requirements and keep up with changes to governing regulations and day-to-day tools and operations.
About CRI Group
In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
Prove that your business is ethical with a Gap Analysis (FREE)
Evaluation of Corporate Compliance Programs – Highest Ethical Business Assessment: Evaluating Adequate Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Framework
Prove that your business is ethical. Complete our FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Find out if your organisation’s compliance program is in the line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Let ABAC® experts prepare a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission.
The HEBA survey is designed to evaluate your compliance with adequate procedures to prevent bribery and corruption across the organisation. This survey is monitored and evaluated by qualified ABAC® professionals with Business Ethics, Legal and Compliance background. The questions are open-ended to encourage a qualitative analysis of your Compliance Program and to facilitate the gap analysis process.
The survey takes around 10 minutes to complete. TAKE THE SURVEY NOW!