2012 Spring Report of the Auditor General of Canada

Spring 2012 Report—Chapter 4

Exhibit 4.2—The Compliance Risk Management Process

This flow chart shows the Organisation for Economic Co-operation and Development’s Compliance Risk Management Process for evaluating the effectiveness of an organization’s strategies for encouraging compliance.

The compliance risk management process functions within an “operating context.” The first step in the process is to identify risks, followed by assessing and prioritising those risks. The next step is to analyse compliance behaviour, including causes and options for treatment. Next is determining treatment strategies, followed by planning and implementing those strategies. From that step, the process shows two loops back to the beginning. One loop is monitoring performance against the plan. The other is evaluating compliance outcomes for registration, filing, reporting, and payment. These two loops link back to the first step of identifying risks, showing that the process is ongoing.

Source: Organisation for Economic Co-operation and Development (OECD), Guidance Note: Evaluating the effectiveness of compliance risk treatment strategies