ASCENSIONATO RAFFAELLO CARNÀ, PH.D.
Business Administration, Chartered Accountant

Whatever the reasons or the objectives for seeking compliance in a business, the basic processes leading to ensuring compliance are always the same. In fact, complex organisations increasingly feel the need to protect their business from multiple compliance risks.

In addition, the need for compliance programmes may originate locally (from the single subsidiary) or globally (from the parent company, which implies implementation at local level too).

In this scenario, the integrated governance of compliance processes should be based on:

1. univocity and centrality of the ICS. In other words, it is a question of identifying the numerous risk factors and the related control measures to integrate, so to avoid redundancy and inefficiency in the system;
2. implementing comprehensive and transversal risk assessment. It is well known that the same risk (for instance, corruption, other) may occur within different business processes (supply chain, use of consultants, relations with HCPs, other);
3. identifying control levels: 

• first line of defence, where o ...