Compliance, Risk and Governance This report presents to the board of WB a brief overview of the key findings from the review undertaken, elucidating the concerns recognized from the initial findings from an internal audit. The report, then offers a clear clarification as to why continuation of existing practices (and lack of correctional measures) will be risky and detrimental to WB. The report also includes an initial plan of action to address the weaknesses pointed out, both in the short-term and long-term and an explanation of the necessity of the proposed corrective actions, some of which are pre-emptive.

Brief Overview of Key Findings

One of the key issues identified within the internal audit was that a number of high-risk investment products, with a suggested minimum investment term of over 10 years, were sold to consumers aged in the 80s (high-risk category). What is more, such proposals were not communicated to the board of the company before finalizing the deals. Secondly, there is an indication of a poor sales and compliance culture. The investigation revealed a lack of due diligence in the internal audit, record-keeping of customer accounts. It was found that there had been minimal oversight of sales activities in relation to high-risk products, either by management within that area or by the Compliance and Assurance team. Apparently, WB lacks a well-founded compliance culture presently. An organization's culture dictates the climate that is set, and it encompasses the guiding principles, rules, and regulations that are followed by personnel and staff. If the culture within an organization is not set to address and ascribe to compliance issues, the organization is bound to end up in disarray (Kedia et al., 2016). The company ought to take into consideration issues regarding compliance as an important part of its strategy and work ethics; ignoring them can lead to poor business decisions, growing number of dissatisfied clients and under constant scrutiny of regulators (that harms reputation as well as speed of operations). WB should address issues regarding urgently, as it is likely to have a disparaging effect on most of the activities in the organization (KPMG, 2008).

In addition, the internal review of operations within the division revealed training weaknesses relating to both the sales team and the Compliance and Assurance team. Lack of employee training is detrimental to the company in the long-term. This is largely because personnel will continue being ignorant of some crucial requirements, leading to a lack of understanding of any breaches or violations in the conduction of service and sales agreements. Therefore, eventually, the company runs the risk of continued (even if involuntarily, out of ignorance) transgressions from personnel, which can lead to losses for the company in the end. Furthermore, it was found that there was no compliance or governance, risk and compliance manual in use within the division. Instead, the staff depended upon ad hoc guidance and information, and that there was a limited level of reporting and interaction between the branches and main Compliance and Assurance Team. This is a significant aspect for WB to take into consideration as it increases the likelihood of wrongdoing and misconduct. The lack of a compliance manual implies that the personnel as well as high-level staff do not have access to rules, regulations and policies that they should adhere to, and observe (KPMG, 2008).

Action Plan to Overcome Weaknesses

It is imperative for every organization to have effective governance, risk, and compliance practices entrenched into the work culture of an organization. They imply the manner in which management assesses and safeguards against pertinent risks, monitors, and assesses the efficacy of internal controls, and reacts to, and enhances operations centered on learned discernments and acumen. GRC is the incorporation of all governance risk assessment and alleviation, and compliance and control activities to function in combined effect and poise. A GRC approach can aid generate business value by decreasing expenditures, ascertaining operational inadequacies, justifying controls, and facilitating identification and management of risks (KPMG, 2008).

Compliance of Board of Directors and Senior Management

The board of directors of the company is responsible for overseeing the management of WB's compliance risk. The action plan promulgated by the board is the approval of the company's compliance policy encompassing an official document that establishes a permanent and efficacious compliance...

Compliance with appropriate and pertinent laws, rules, and standards ought to be perceived as a vital means to this end. The board is accountable for guaranteeing that an apt and fitting policy is in position to manage the company's compliance risk. The board should undertake oversight of the execution of the policy, as well as making certain that senior management determines compliance problems effectually and expeditiously by employing the compliance function. The board ought to at least an annual assessment of the magnitude to which it effectually manages its compliance risk (KPMG, 2008). The main task of board of WB is putting good governance into practice, and enabling the different departments and branches of the organization to undertake their work in compliance with regulations and strategic objectives. In particular, this extends down to encompass roles, responsibilities and reporting.
The senior management of the firm is accountable for the effective management of its compliance risk. The action plan to be undertaken is for the senior management to institute and convey a compliance policy, for making certain that it is adhered to, and for reporting to the board of directors on the management of WB's compliance risk. In the short-term, the senior management should establish a written compliance policy that encompasses the basic principles to be followed by both, management, and staff, and elucidates the key procedures to help recognize compliance risks and managed through all levels of the organization. In particular, intelligibility and transparency might be instituted by distinguishing between overall standards for all members of staff and rules that are applicable to solely particular groups of staff (KPMG, 2008).

Another responsibility of WB's senior management will be to make certain that the compliance policy being observed takes into account accountability for guaranteeing that pertinent remedial or disciplinary action in the event of any breaches in their compliance are perceived. With the help of the compliance function, senior management of WB should at least, annually ascertain and evaluate the key compliance risk issues facing WB and the strategies for mitigation thereto. Such strategies ought to address any associated shortcomings in the effective management of prevailing compliance risks, in addition to the need for any supplementary policies or processes to counter new compliance risks ascertained, owing to the yearly compliance risk assessment. Secondly, they ought to report any material compliance disasters to the board of directors in a timely manner (KPMG, 2008).

Compliance Manual and Program

Part of the action plan is for the company to establish and implement a compliance manual or program. In essence, the compliance manual delineate basic principles that have to be observed and adhered to by all the senior management and personnel. In addition to the establishment of the compliance manual, WB should ensure that they follow the program together with the laws, regulations, and rules associated to business operations. In particular, this ought to be undertaken with the main purpose of making sure that the company forms an even more ethical corporate culture that is equal and sincere, irrespective of whether it is personnel or executive, and irrespective of work titles or duties. In order for the compliance manual to be effective, it has to include eight distinctive elements (Wulf, 2011).

First, WB has to have high-level company employees or staff who undertake effective oversight and have the authority to directly report to the governing entity such as the Audit Committee.

Second, the program should include written policies and procedures. These are internal controls and standards of conduct that ought to be reasonably capable of diminishing and curtailing the probability of misconduct. In addition, the standards should be integrated into a written code of conduct that facilitates audit systems and other processes to have a practical likelihood of averting and identifying wrongdoing (Compliance 360, 2016).

The third element is training and education. The compliance program should encompass the aspect of informing personnel through education and training. This is not only to inform them of the prevailing regulations and policies but also the new and revised ones.

The fourth element of the compliance program encompasses lines of communication. WB must take effective steps, to communicate periodically and in a real-world way, its standards and processes, and other elements of the compliance and ethics programs throughout the organization, including senior management and the board of directors. In particular, WB should have a system of record encompassed in its compliance that facilitates it to not only manage but also convey information concerning change in regulations and create automated alerts to make certain that those involved and responsible for implementation are aware and informed of the latest updates (Compliance 360, 2016).

In addition, standards ought to be implemented through punitive guiding principles that are well publicized. The program should also encompass internal compliance monitoring. The compliance program and manual should include responses to recognized…