Thread Options
#815139 - 09/14/07 01:17 PM Who performs compliance risk assessment?
butercup Offline
Junior Member
Joined: Aug 2004
Posts: 31
I need some clarification. Should the compliance department be performing the compliance risk assessment or should internal audit do it? Right now there is a very blurry line between what compliance should be doing and what internal audit should do. Currently, Internal audit completes an annual risk assessment that includes the compliance side. I feel like compliance should conduct their own risk assessment and develop a review schedule from that. Right now, the only reviews that get done are my audits. I think Internal audit should include compliance as a whole on the audit risk assessment and conduct an audit of the entire compliance department on an annual basis.

What do other banks do?

Return to Top
#817128 - 09/18/07 03:49 PM Re: Who performs compliance risk assessment? butercup
ahou Offline
Power Poster
Joined: Aug 2002
Posts: 3,094
We have an IA for safety & soundness audits and an IA for compliance audits. The Compliance auditor does a compliance risk assessment and designs an audit schedule from that assessment. The previous bank I worked for did the same.
Opinions are my own and not of my employer.

Return to Top
#817188 - 09/18/07 04:31 PM Re: Who performs compliance risk assessment? ahou
DeeQ Offline
10K Club
Joined: Dec 2002
Posts: 40,760
Turnpike Exit 10
The Compliance Officer performs the compliance RA ands the IA does the IA risk assessment forhis area. The Audit & Compliance Committee approves both annually.
Get your facts first, then you can distort them as you please. - Mark Twain

Return to Top

Moderator:  Andy_Z