Check these out next
Model to Quantify Compliance Risks.pdf
0 gostaram
visualizações
This Slideshare presentation by Professor Hernan Huwyler discusses a model to quantify compliance, legal, and contractual risks. It highlights the importance of understanding the impact of uncertainty on objectives and identifies mandatory and voluntary compliance objectives. The presentation discusses different techniques to quantify risks, such as heatmaps, risk matrices, common malpractice, scores, and escalation matrices, and the problems with these techniques, such as biases, incomplete data, and aggregation issues. The presentation proposes a compliance risk modeling approach, which involves understanding the distribution of events, consequences, impact, causes, and frequency of risks. It suggests using different probability distributions, such as log-normal, Pareto, normal, Poisson, Bernoulli, and triangular, to model risks. The presentation also discusses the chain of events that can lead to different types of losses, including penalties, compensations, fines, sanctions, legal and remediation costs, loss of customers, marketing depreciation, loss of licenses, and stock price. It explains different techniques to model losses, such as graphs, decision trees, Monte Carlo simulations, and calibrated estimates. Finally, the presentation highlights the importance of using different sources of risk data, including internal and external data, paid compensations, fines, and credits, fraud losses, legal fees, and complaints, and industry studies, enforcement trackers, and case analysis. It also provides examples of business cases related to compliance objectives and contractual clauses that set penalties for non-compliance. The presentation concludes with a demo of the proposed model to quantify compliance, legal, and contractual risks.
Recomendados
Model to Quantify Compliance Risks.pdf
- A model to quantify Compliance, Legal and Contractual Risks Prof. Hernan Huwyler, MBA CPA Director Executive Education in Compliance, Risk, Control IE Law and Business Schools Gibraltar Association of Compliance Officers
- effect of uncertainty on objectives Risk ISO 31000 Risks ISO 31022 Legal risks
- The objectives in compliance are obligations Mandatory Laws and regulations Contracts, permits and licenses Voluntary Social and environmental commitments Business and transformation plans Quality, fraud, ISOs, policies and procedures ISO 37301 Compliance
- Compliance register
- Heatmaps Risk matrices Common malpractice Scores Escalation matrices
- Best available data are not used Biases are not minimized Investment, control, insurance and legal decisions are no made Corporate defense is not efective Qualitative assessments
- What is wrong about risk matrices, Tony Cox, 2008 > worse than useless Further thoughts on the utility of risk matrices, David Ball, 2013 > untrustworthy picture Some extensions on risk matrix approach, Huihui Ni, 2010 > defects still left unresolved On the origin of probability consequence diagrams, Ben Ale, 2015 > single factor impacts Problems with scoring methods and ordinal scales, Doug Hubbard, 2010 > arbitrary features of the scoring Recommendations on the use and design of risk matrices, Niels Duijm, 2015 > aggregation is problematical Back to Basics: Risk Matrices and ALARP, Glen Wilkinson, 2010 > unable to compare risks Debunked by science
- Understanding that planning compliance actions, controls, liability reserves, legal responses and insurance cannot be done with a wet finger in the air is intuitive Ignorance of probabilistic models is the issue
- Compliance risk modeling
- US Organizational Sentencing Guideline Prioritize periodically the elements of the program in order to focus on preventing and detecting the criminal conduct identified in the risk assessment process as most likely to occur
- US Organizational Sentencing Guideline What is expected? • A reasonable risk based approach • Stronger controls addressing higher risks • Consistent application of controls to risks • Documenting the risk assessment • Periodic review of the risk analysis
- Distributions of events Consequences Impact Log-normal > Long tail losses Pareto > Only large losses Normal > Symetrical Causes Frequency Poisson > More than one event per year Bernoulli > Less than one event per year Triangular > Unsual, few data
- Chain of events First tier losses Penalties and compensations Fines and sanctions Legal and remediation costs Loss of customers Marketing depreciation Loss of licenses and stock price Second tier losses
- Types of losses • Penalties, fines and punitive damages • Private settlements • Legal fees and investigation costs • Product liabilities and recalls • Disadvantage with suppliers • Withdrawal of capital • Increased staff rotation • Increased costs • Lost of revenue by voided contracts • Lost of market capitalization
- Inputs and outputs Techniques Decision trees Monte Carlo Simulations Calibrated estimates Histograms Loss exceedance curves Graphs
- Sources of risk data Internal Paid compensations, fines and credits Fraud losses, legal fees and complains Investigation and response costs Industry studies Enforcement trackers Case analysis External
- Log-normal distribution Min Max Confidence Interval Loss £ Nr Cases
- Risk model
- Business case A Housing Maintenance Code provides for a civil penalty of a minimum of $1,000 with a maximum of $3,000 for lead violations A Copyright Infringement Law sets penalties of $200 to $150,000 for each work infringed and attorney's fees and court costs
- Business case A Privacy Regulation imposes fines in the range from $100 to $50,000 per violation, with a total of $25,000 to $1.5 million for all violations of a single requirement in a calendar year A contractual clause sets a penalty for invoices received beyond the 2 months after a compulsory deadline. It applies an immediate penalty of 5% of the value of the invoice per month of delay with a minimum of $200 penalty up to a maximum of 30% of the value of the invoice
- Model demo
- /in/hernanwyler mastodon.world/ @hewyler hewyler Let´s connect