I have been talking (and writing) for a long time about the sad reality that leaders of organizations around the world see risk management as something they have to do rather than want to do.
If you focus on listening and talking to management and the board, with a thoughtful discussion of the situation, not only will your objectives be achieved but you will have credibility with them.
There are at least 8 essential components of compliance risk management programs. Risk management aims to reduce the likelihood that an organization will not achieve its goals and objectives. Compliance is the obligation to adhere to laws, regulations, contract terms, internal policies, and other requirements. Compliance risk management refers to the organizational procedures, processes and culture that reduce the likelihood of non-compliance.