Title :
Structuring Compliance Risk Identification Using the CORAS Approach: Compliance as an Asset
Author :
Esayas, Samson Yoseph
Author_Institution :
Norwegian Res. Center for Comput. & Law, Univ. of Oslo, Oslo, Norway
Abstract :
The global scale of modern business and information technology enables companies to trade across borders but at the risk of being subject to laws in diverse jurisdictions. The regulatory requirements with which businesses have to comply are drastically increasing not only in sheer number but also in complexity, confronting businesses with the need to adapt to a complex, evolving regulatory environment. Crucial to a business´s survival and profitability in such environment are understanding and managing legal and compliance risks. This need has spurred significant recent interest in integrated governance, risk, and compliance (GRC) management. A central element in integrated GRC management is following a risk-based approach to compliance which prioritizes compliance requirements based on their level of risk. Despite the need for risk-based compliance, few specific methods or approaches for identifying compliance risks have been developed. This paper presents a structured method for identifying compliance risks from compliance requirements and the business environment.
Keywords :
business data processing; legislation; organisational aspects; CORAS approach; business environment; compliance as an asset; compliance requirement; compliance risk identification; information technology; integrated GRC management; integrated governance risk and compliance management; legal risk; profitability; regulatory environment; regulatory requirement; risk-based compliance; Law; Organizations; Risk management; Standards; Compliance; compliance management; legal risk; risk identification; risk management;
Conference_Titel :
Software Reliability Engineering Workshops (ISSREW), 2014 IEEE International Symposium on
Conference_Location :
Naples
DOI :
10.1109/ISSREW.2014.67
