Guru Speak

Incessant developments in all aspects of business, such as IT, markets, competition and customer demands, mean the roles of compliance and audits cannot be taken for granted. Risks are unavoidable in business, but they can be avoided or ameliorated with diligence.

Successful firms should develop a risk awareness culture against both expected and unexpected problems, composed of three lines of defence - ownership, compliance and audits.

Owners are the most familiar with what's going on in their territory and which areas are vulnerable, while sufficient training is important for staff so they can perform properly.

Owners can get used to routine operations, take things for granted and fail to realise some problematic areas, so independent experts are important to identify or analyse root causes well in advance. Companies should ensure that necessary skills and knowledge are properly transferred to successors if there are management reshuffles or staff transfers.

Compliance officers' duties primarily involve the initiation and development of policies and procedures for general operations and business activities. They also perform periodic reviews and updates of rules and regulations to prevent illegal, unethical or improper conduct and provide guidance to management and employees.

They should have sufficient knowledge of current business to pinpoint what can or cannot be done. Amid rapid changes, they should be proactive in not just curing problems, but also in keeping abreast of the status of all compliance activities and identifying trends and preventive measures.

The role of auditors is to close any loopholes, and they are vital to the sound governance process. With their broader perspectives as internal but independent observers, auditors will be well aware of risk and control issues and, by assessing the effectiveness of risk management, should be able to effectively analyse elements of products, services or operational procedures to minimise any undesirable impacts, issues which might not be recognised by "owners" focused only on the tasks they know best.

To meet the changing demands of firms, auditors must play a strong role in governance, risk management and internal control. They should possess the necessary skills and competency, understand and respond to the changing needs of the profession and keep pace with market developments.

With tightening competition and calls for increased professionalism and transparency, firms cannot afford to make mistakes, and should strive to maintain a balance between business and control.

Kannika Ngamsopee is Executive Vice President Chief Audit and Compliance Officer of Siam Commercial Bank.