Governance, Risk & Compliance
This acronym can also be translated as Corporate Risk Management. They are precisely these concepts Management, Governance, Risk and Compliance Corporate defining Complia. In all areas of corporate governance rules it is becoming more demanding and abundant time. Therefore it requires specialized procedures and resources to face those requirements.

In this sense, Complia is the specialized, professional and experienced partner that helps its corporate clients (companies and institutions), offering quality advice and added value for the implementation of effective systems of risk control and prevention the commission of crimes.
From a complete due diligence of the company, we obtain the current diagnosis and evaluate the main risks of the entities, establishing programs to control and risk management, appropriate to the specific needs of each organization.

Moreover, we also provide the proper training, we adapt existing processes and implement new procedures designed to ensure compliance and adaptation to current regulations. In the same way, we establish systems of supervision and monitoring.
  • Criminal Risk Prevention
  • Prevention of Money Laundering
  • Digital Compliance
  • Adjustment Prevention Systems Global Risks
  • Creating a culture of control at all levels of the organization to facilitate compliance with current legislation (from management environments to production environments)
In short, we offer solutions GRC (Governance, Risk & Compliance).

Systems adapted to SMEs (principle of proportionality)

Our methodology is personalized based on the individual specifics of each of the organizations (size, industry, organizational structure, etc.). This allows us to implement systems for effective Compliance Management (CMS) that enable a check on compliance with the law in a way tailored to the needs of each organization.

In this way, we ensure a result that gives confidence and meets the objectives of compliance with an optimal level of security.

Diagnostic solutions, design and implementation of the strategy of corporate governance

A strategy Management Corporate Governance (or governance) is related to equip itself with the necessary resources, and to establish a structure that determine the achievement of the objectives of the organization, at all levels, in all areas, beyond the circle Internal company (managers, owners, shareholders, etc.).
The aim is to establish how we can optimize the interaction with society: regulators, supervisors, employees, financial institutions, interest groups, etc. for the benefit of all parties involved.
Working closely with senior management and ownership of the company, evaluate, diagnose, design and implement the most appropriate strategy for Corporate Governance of our customers, interested in achieving the highest standards in the quality of risk management and current compliance regulations.

Social responsibility management, reputational risk management and sustainability

The actions taken by economic agents affect economic relations (companies, institutions, etc.), generating impacts on society, environment and community.
Managers should take preventive measures to ensure effective compliance. It is important to establish the internal codes of conduct necessary for all this is in socially responsible actions, caring for and respecting the reputation of the company or institution, with these sustainable measures in time.
Complia works closely with its customers, leading successfully meeting their goals.

Measurement and monitoring compliance with the highest standards and codes of conduct

It should establish a framework for evaluation and monitoring of compliance (either by legislation or internal codes of conduct).
The effective control and monitoring are some of the aspects of paramount importance in our compliance strategy, just as it is also for regulatory and supervisory agents. This should allow us to meet and even anticipate their needs and that at certain times we can be screened.
We offer a rigorous and comprehensive assessment of compliance and the internal codes of conduct.


Risk Map: diagnosis of the current situation, risk assessment, their impact, needs assessment, planning, implementation of the measures identified

Risk assessment:

Once implemented the corporate governance framework (or governance) and set objectives, identify the actions to be undertaken.

That is when we evaluate the risks that can have top management. This analysis is done from two perspectives:
1) probability of occurrence of risk
2) impact of the materialization of the risk. Thus, we analyze the extent of the potential actions and measures involved in achieving the objectives.

Our contribution as a company is focused on minimizing the negative impacts of the activity of organizations. We create, design and establish specific and precise map risks, tailored to the type of each company or institution. These models allow us to:
  • Understand and evaluate the main sources of risk for companies
  • Identify risk-minimizing measures (probability or impact) recommended in every situation
  • Set, identify and propose appropriate implementing effective controls


Evaluate, distinguish and identify areas for improvement on regulatory compliance and control level

In the process of reviewing corporate processes, identify the gaps in the area of regulatory compliance of our clients as well as the elements of improvement and deficits by the lack of control of its main activities.
Our recommendations help to strengthen the environment and control scheme our customers with efficient, useful and effective proposals (providing added value and profitability to organizations).

Benchmark and Best Practices. We identify the best options and the differential values

Our comprehensive overview (at all organizational levels), knowledge of the different sectors of economic activity and best practices applicable to each industry, allows us to offer added value differential.
We keep daily informed about the latest trends in the areas of risk management and compliance. In addition, our internal procedures require us to periodically investigate the management and regulatory aspects, in all markets and sectors, enabling us to anticipate regulatory changes.
That is why we provide a cutting-edge, implementing innovative and proven system.

Fixing objectives and assessment

Setting targets for the identification of acts, risk assessment and responses to them are our basic premises of action.
We can set different types of objectives:

Streategic objectives

Aimed at creating value for the organization. They are the mission, vision or purpose of the company or institution

Operating or operational objectives

Related to the effectiveness and efficiency of operations of the entity. These are the objectives related to the performance and profitability of the company. They allow to prevent and preserve the resources of the organization before losses or contingencies

Aims of fulfillment

Referred at the fulfillment of laws and applicable norms. We could identify them as a sectorial factors, that depend of external factors

Reporting objectives

Have the necessary information quality (reliability, required information), in the required time, useful for decision making. Integrate information, internal or external. All financial information type or non-financial

Policies, standards and procedures. Identification, evaluation and definition

In the control activities we identified the following two elements:

·Establish what to do
·Implement procedures to achieve

To make this possible it is necessary that the policies, rules and procedures are written and implemented, thoughtfully and consistently.
Our aim is to collaborate with our clients in the definition and implementation of policies, standards and procedures, applicable and necessary.

Internal control systems applying the guidelines and methodology COSO Model

The COSO (*) methodology is the methodology benchmark for corporate management of global risks. Our systems and procedures (and in general all our actions) internal control is based on the implementation of the international methodology.

We can identify the following components in the enterprise risk management:

·Establishment of internal control environment. Control activities
·Establishment and goal setting. Identifying acts
·Risks. Assessment and response
·Communication and information
·Monitoring and supervision

(*) COSO: Committee of Sponsoring Organizations of the Treadway Commission.

Organizational improvements. Assessment and impact assessment

The implementation of an effective internal control system is the basis for organizational improvements recurrently.
The Internal Control has to be dynamic. The changes are constant due to the environment, regulation, targets and even due to the activity of the company. For this reason, the control system requires a continuous adaptation and improvement. It is necessary to adapt the internal control system through the introduction of organizational improvements that provide improved performance, achieving compliance objectives.
We offer our customers effective organizational improvements. Constantly we evaluated through supervision and conduct tight monitoring to measure impacts in the implementation of these improvements.

Internal / external audit

A demanding and rigorous oversight and independent and objective as possible to carry out a proper enterprise risk management is required, which adds value to senior management. Communication in a timely manner of the failures and incidents is also an absolutely decisive element management processes.
Or implement self-assessment tools that integrate self-worth individuals, as a measure of involvement and commitment to the internal control system established by the organization in general and senior management in particular.
In this regard, we support both management and Internal Audit of the company and also assume the role of External Auditor in monitoring processes.

Training, dissemination and awareness

Good planning training and outreach in these areas is necessary to ensure the proper functioning of the system of Corporate Risk Management and aimed at controlling the directors and executives and key employee.
We provide training and awareness programs in seminary format and e-learning, in order that the whole organization is aligned in the right direction.

Internal monitoring and reporting

The GRC and Internal Control require a follow-up plans for its further development, to facilitate relevant information in time to senior management.
You must have follow-up and internal reporting in order to facilitate adequate feedback of the situation and analyze the evolution of the measures taken to achieve the objectives of improvement with regard to risk assessment and the establishment of controls. In this sense, we define the most appropriate reporting system that ensures a flow of information up and down (in the organization) and external (for regulators, supervisors or other organisms).

Dialogue with all levels of the organization (internal organs, external bodies and regulatory agencies)

We give support to those companies or institutions that have established collegial figure of Internal Body of Monitoring Prevention Model, as well as evaluate the proper functioning of all the preventive system of the organization and certify their effectiveness.
Additionally, we can interact with regulators, on behalf of our clients.