-
Compliance vs. Compliance Risk – What’s the Difference?
1. Introduction 1.1 Purpose of This Guide Compliance and compliance risk are two terms that often appear together in organizational and regulatory discussions, yet they signify distinct—though complementary—concepts. This guide aims to: 1.2 Why the Distinction Matters Misinterpreting or conflating compliance with compliance risk can lead to: Thus, recognizing how compliance shapes day-to-day adherence while compliance risk addresses…
-
(UK) Navigating UK Regulatory Compliance: Key Challenges for Internal Auditors Post-Brexit
When the United Kingdom officially left the European Union, it triggered one of the most significant regulatory overhauls in recent British history. While many rules were initially “copied over” to maintain continuity, the UK is now free to amend, replace, or diverge from EU regulations on data privacy, financial services, trade, consumer protection, and more. For organizations operating in…
-
(UK) Preparing for UK SOX: Internal Audit’s Role in the 2024 UK Corporate Governance Code Changes
The year 2024 marked a watershed moment for UK corporate governance. Spurred by high-profile corporate collapses and calls for stricter accountability, the UK Corporate Governance Code is slated for a series of changes that closely mirror the United States’ Sarbanes-Oxley Act (often abbreviated as “SOX”). While the UK has long maintained a principles-based approach to governance, recent…
-
Internal Audit in Financial Services: A Comprehensive Guide to AML, KYC, and Compliance Audits
Financial services is one of the most heavily regulated industries in the world. Banks, insurers, asset managers, and other financial institutions must navigate a complex matrix of global and local regulations to protect consumers, preserve market stability, and prevent illicit activities like money laundering and terrorism financing. In this environment, internal audit functions play a…
-
OCC Risk Categories: Comprehensive Primer on the OCC’s Risk Categories/Risk Stripes
Enterprise risk management (ERM) has evolved from a collection of disparate risk‐control activities into an integrated, strategic discipline that underpins the resilience of today’s financial institutions. The Office of the Comptroller of the Currency (OCC) has played a pivotal role in shaping risk management practices in U.S. banking, providing robust regulatory guidance and defining a…
-
How Internal Audit Can Drive Continuous Regulatory Readiness: A Proactive Approach to MRAs/MRIAs and Beyond
This article aims to shift the conversation from reactive to proactive: rather than responding to MRAs/MRIAs after they’ve arisen, how can internal audit teams embed continuous readiness into their processes? It covers cultural elements, training, communication strategies, and the use of technology to anticipate changes in the regulatory landscape. This resource is tailored for a…
-
Building a Robust Governance, Risk, and Compliance (GRC) Framework: Balancing Regulatory Demands in Financial and Non-Financial Sectors
This piece is designed for a professional internal audit audience, delving into how to create, implement, and sustain an effective GRC framework capable of withstanding regulatory scrutiny in both financial and non-financial industries. Although IA is typically not part of the development and/or implementation of a GRC framework given that they are part of the…
-
The Lifecycle of Regulatory Issues (MRAs/MRIAs) & Internal Audit: From Identification to Remediation
In today’s dynamic environment, businesses—whether operating in strictly financial sectors or spanning broader industries—face a host of regulatory requirements. Regulatory bodies consistently scrutinize organizations for compliance with legal, operational, and ethical standards. In the banking world, for example, the Office of the Comptroller of the Currency (OCC) and the Federal Reserve often issue Matters Requiring…
-
A Primer on Regulatory Thresholds: An Exploration of Financial and Non-Financial Across the United States, European Union, Japan, China, and Beyond
In our interconnected and often complex world, regulations shape the contours of corporate conduct, economic stability, environmental stewardship, consumer protection, and technological innovation. Many of these regulations rely upon thresholds—quantitative or qualitative lines that determine when certain rules apply and when they do not. Understanding these thresholds is essential for anyone seeking to navigate the…
-
What Do Regulators Really Expect? An Insider’s Guide for Internal Auditors
As the regulatory landscape grows ever more complex and expectations soar, one question that consistently puzzles internal auditors is: What do regulators really expect? It’s no longer sufficient for internal audit teams to check a compliance box; instead, they need to engage deeply with regulatory requirements and align their audit plans, testing procedures, and reporting…
