There are at least 8 essential components of compliance risk management programs. Risk management aims to reduce the likelihood that an organization will not achieve its goals and objectives. Compliance is the obligation to adhere to laws, regulations, contract terms, internal policies, and other requirements. Compliance risk management refers to the organizational procedures, processes and culture that reduce the likelihood of non-compliance.
While the cost of control is certainly something to consider, there are times (many, many times) when more risk should be taken because of the potential for increased reward.
When we make a decision, we normally make a number of assumptions about what we expect to happen. My view of risk management, or should I say risk management that adds value and helps an organization succeed rather than just avoid failure, is all about what might happen.