Thanks for the vid. Question. Is training a control? Or is the monitoring of training completion a control or both? Keen to hear you’re thoughts. Moreover ‘reactive’ controls as a type is interesting. I usually think of preventative, detective and corrective controls. All of which could be implemented in reaction (and therefore reactive?) to an issue or risk.
Training is a control because employee awareness limits the likelihood of a risk materialising. People can't manage risks they don't know about. Monitoring is training completion is part of oversight, it's how you check to see if the control is being implemented and works effectively. With respect to reactive think damage control or damage limitation. In the event of a risk event materialising we still have an obligation to limit the damage. Preventative and Detective are about trying to stop the risk from happening in the first place. Corrective for me is part of reactive.
Not directly related to the topic but Please also clarify who is responsible for managing compliance risk. Does the compliance officer design the controls for business or advice?
Compliance risk is owned by the business, they are responsible for implementing controls and effectively managing the risks. Compliance doesn't own the risk, we advise management about the risks and how to effectively manage them e.g. the best controls to have in place.
It is getting better with every next video! Way to go! Have a day ahead!
Thank you. Same to you!
Thank you for helping me get the role as a Compliance Assurance Manager. Your videos have been of great help!
Thank you @Kudzai
I love this...congratulations 🥳
Your videos are so helpful. THANK YOU
Happy to share!
Well articulated...
Thank you!
So informative❤Thank you so much
My pleasure. Thanks for watching!
I am new to Compliance as a student ( and learnt some things by default) but I am finding your videos extremely helpful THANK YOUUU
You're very welcome! Looking froward to giving you a lot more helpful video.
Thanks for the vid.
Question. Is training a control? Or is the monitoring of training completion a control or both? Keen to hear you’re thoughts.
Moreover ‘reactive’ controls as a type is interesting. I usually think of preventative, detective and corrective controls. All of which could be implemented in reaction (and therefore reactive?) to an issue or risk.
Training is a control because employee awareness limits the likelihood of a risk materialising. People can't manage risks they don't know about. Monitoring is training completion is part of oversight, it's how you check to see if the control is being implemented and works effectively.
With respect to reactive think damage control or damage limitation. In the event of a risk event materialising we still have an obligation to limit the damage. Preventative and Detective are about trying to stop the risk from happening in the first place. Corrective for me is part of reactive.
Not directly related to the topic but Please also clarify who is responsible for managing compliance risk. Does the compliance officer design the controls for business or advice?
Compliance risk is owned by the business, they are responsible for implementing controls and effectively managing the risks. Compliance doesn't own the risk, we advise management about the risks and how to effectively manage them e.g. the best controls to have in place.