Compliance versus Obligation Risks

Updated: Jun 10

When it comes to performance-based compliance you need to manage both compliance and obligation risk.


  • Compliance risk are the effects of uncertainty of non-conformance. These impede outcomes.

  • Obligation risk (i.e. opportunities) are the effects of uncertainty of conformance. These advance outcomes.


To manage both the following are helpful tools, and systems:


  • Bow-Tie Analysis - evaluate risk and controls to optimize risk buy-down and opportunity invest-up plans

  • ISO 31000 Risk Management System - provides a framework to manage risks and opportunities across their life-cycle. Don't create an opportunity for threats to penetrate your defenses or opportunities to be missed by missing a step.

  • ISO 19600 Compliance Management System - provides a framework to manage all your obligations under one governance system. It does this by establishing processes to identify, implement, evaluate, and maintain all mandatory and voluntary obligations covering: quality, safety, environment, security, regulatory, and other risk-based obligations. The goal of ISO 19600 is to ensure effectiveness.


When obligation risk is addressed ahead of time it reduces the probability of compliance risk. Not only will you protect against loss but you also advance outcomes at the same time.


It pays to be proactive.


#effectivecompliance #riskmanagement

Lean Compliance helps companies adopt and improve compliance systems to better meet performance and outcome-based obligations.

We offer specialized programs and training tailored to fit each company's size and capabilities. 

Schedule a call with us today to find out which programs are best for you.  You can book your appointment here.

© 2020 Lean Compliance™

All rights reserved.

Access free workshops and resources to help you manage your compliance during and post COVID-19.