Key Stakes
For several years, many sectors of activity have been facing changes, some of which are linked to the legislative and regulatory changes that frame their activities and to the taking into account of regulators' expectations that are sometimes complex in their interpretation and application.
This new context has led to the creation of a Compliance function within organizations. If the notion of compliance is sometimes old, it nowadays encompasses very broadly, beyond compliance with laws and regulations, deontology, soft laws, professional standards and practices and professional ethics, giving compliance a scope of action as wide as it is ambitious and a mandate that can be different from one company to another in a significant number of areas (ESG, sustainable finance, data management, corruption, fraud, cyber security, business continuity, third party management...).
The creation of the Compliance function has thus significantly and permanently modified the structure of the internal control system and the sharing of roles and responsibilities between the risk management players, raising the question of the coordination of the Risk functions in the broadest sense of the term, as well as that of the positioning of Compliance within the Internal Control system, given its dual role of advising and controlling the business teams.
Internal Control, which includes a set of resources, behaviors, procedures and actions adapted to the specific characteristics of each company, is not an end in itself and contributes largely to controlling the company's risks related to its processes. The issues at stake are those of the means implemented to ensure this control in an optimized manner.
However, the Internal Control Function has been undergoing a major transformation of its organization for several years now, well beyond the impact of the creation of the Compliance Function. This transformation is linked to the evolution of the lines of responsibility between the various stakeholders in the internal control system, with in particular :
- The increasingly frequent structuring of an operational control (1st line of defense), placing the primary management of risks at the heart of the business processes
- The redefinition of the mandate of the teams of independent controllers (2nd line of defense), which today focuses more on the control of controls, the verification of the compliance of operations and activities and a challenge of the control system implemented by the business lines
- Refocusing the mission of internal audit (3rd line of defense) on the assessment of the overall effectiveness of the risk management system, its performance and the ability of the organization to manage its risks in a forward-looking manner in order to adapt more quickly to changes in its environment.
Our Expertise
We are convinced that companies with strong compliance and internal control systems are better able to meet the expectations of their customers, regulatory authorities, investors, teams and managers.
Our expertise in the field of Compliance and Internal Control enables us to bring real added value to the issues in these areas and to share with our clients the best practices and trends that we identify in the course of our market studies and regulatory watch.
We can assist you in defining, implementing or overhauling your internal control system in all its components: risk mapping, corpus of policies and procedures, controls, incident management, action plans, reporting, etc.
Our Compliance experts can also intervene on a wide range of compliance topics and areas and help you operationally to meet all applicable obligations and regulations.
Our Services
We are able to intervene on all issues related to Internal Control and Compliance for companies in all sectors :
- Organization of Compliance, Permanent Control and Internal Audit functions
- Risk mapping
- Definition of standards and repositories
- Drafting of charters, policies and procedures
- Deployment of GRC tools
- Regulatory compliance
- Compliance audits
- Remediation plans
- Follow-up of recommendations
- Training on Compliance and Internal Control