What is enterprise risk management (ERM) and why integrate legal compliance into it?

ERM is a holistic process to identify, assess, and manage risks across the organization. Integrating legal compliance ensures regulatory obligations are considered in risk decisions, reducing violations, fines, and reputational harm.

What is the purpose of a risk register in ERM with compliance?

A risk register lists risks, their likelihood and impact, owners, and controls. For compliance, it includes legal/regulatory risks and tracks obligations, controls, and remediation status.

How should an organization monitor regulatory risk?

Identify applicable laws, assess impact, implement and test controls, track changes, and use dashboards with audit findings and remediation progress.

Who is responsible for integrating compliance into ERM?

Senior leadership and a risk/compliance function, with process owners and internal audit, collaborate to governance, escalation, training, and accountability.

What is the difference between preventive and detective controls in compliance?

Preventive controls aim to stop violations (policies, approvals, access controls); detective controls identify violations or deviations after they occur (monitoring, audits, exception reports).