The place and the role of compliance management in corporate governance is very important. Corporate governance is a system of relations that determines the procedures for decision-making concerning the activity of a company and exercising control. The importance of corporate governance consists of the fact that it is one of the key elements for the successful activity of a company. Without building an effective corporate governance system, the company cannot achieve its set goals.
Compliance is an integral part of a company’s general system of risk management, which, in turn, is an integral part of the corporate governance system of a company.
Currently, the model adopted by the International Institute of Internal Auditors is most often used to determine the place and role of compliance and risk management in the corporate governance system of a company.
This model is called «Three Lines of Defense.» According to this model:
- The first line of defense is business units and risk owners that take primary management measures.
- The second line of defense is risk management units that support and monitor the first line.
- The third line of defense is an internal audit that provides independent and objective confirmation of the proper functioning of the first and second lines of defense.
According to «Three Lines of Defense,» a compliance unit must be on the second line as it is the compliance that monitors and controls how effectively compliance risks are managed. Effective compliance is important in corporate governance because compliance risks are managed.
Responsible corporations use a system of checks and balances to align profitability goals with competing stakeholder ethical concerns and risks. In this context, the most common inclusive approach is to execute corporate governance from a compliance standpoint.
At a glance, corporate governance establishes the framework or overall management approach that determines an organization’s direction and how a company positions itself to meet its internal and external obligations. It is a collection of processes that govern how a company is directed, administered, or controlled. In contrast, corporate compliance ensures that businesses follow specific legal, regulatory, contractual, or policy requirements.