It hasn't really changed. Our Compliance Program has a self-assessment component, I review all of the self-assessments for reasonableness and accuracy. Our i/a vendor, when they audit a line unit looks at compliance and also tests the accuracy of the self-assessments.
To help encourage honesty, a self-assessment compliance error, will probably not reach the audit committee depending on the severity of the error and if management and I agree on a work out a plan. However, compliance issues identified in i/a go to the audit committee and if the self-assessment was not candid, those findings go directly to high-risk and at a minimum an "needs to improve" audit rating regardless of how the rest of the i/a goes.
We don't do any SFR or consumer lending which helps, but in some other shops where I've been and run this program that did, management did the assessing and I did the reviewing. You get a lot more ownership for compliance issues, IMHO, if management is also responsible for monitoring.
That being said, I spend a lot of time working with management trying to set up systems that make compliance part of the process. I'd much rather spend my time setting something up right the first time than fixing it later.
_________________________
The opinions are mine and do not necessarily reflect those of my employer.