An effective risk management system promotes the use of forecasts and planning. As such, it is strategically important and even indispensable for reliable corporate monitoring and management. As an integral part of corporate governance, it helps identify unexpected deviations from corporate goals at an early point in time, focus on the future and put the board of directors in a position to break complex issues down into their essential components.
Compliance comprises the observance and monitoring of laws, guidelines, internal standards and voluntary codes within a company. As regulation increases at both the national and international levels, it not only brings greater complexity within companies but also causes the cost of compliance to rise. A compliance function that is professionally created and maintained, on the other hand, reduces or avoids the negative consequences of non-compliance, which could include legal sanctions, financial losses or reputational damage.
Stock Corporation Law demands that the board of directors, as the overall management and control body, take any steps necessary to ensure that laws, articles of incorporation, regulations and directives are followed within the company. However, a search for more detailed explanations as to how these measures should look in concrete terms would be in vain.
Marginally more precise information can be found in the “Swiss Code of Best Practice for Corporate Governance” of economiesuisse, Switzerland’s economic umbrella organization. When it comes to risk management, it is the board of directors’ obligation to set up an internal control system that is adequate in terms of the company’s size, complexity and risk profile. Depending on the special attributes of a company, this system must also cover risk management with regard to both financial and operational risks. The board of directors can also assign the compliance function to the internal control system. The board must structure this in line with the specific attributes of the company and, at least once per year, give an account as to whether awareness of the compliance principles applicable to the board and the company is sufficient and whether or not these principles are adhered to at all times.