Compliance across healthcare, data privacy, HSE, and broader regulatory domains is central to effective risk management in pharma, where failure can trigger fines, reputational damage, and ESG impact. Despite their diversity, these areas rely on common foundations - clear policies, robust risk assessments, internal controls, third-party oversight, governance, training, and disciplined execution - yet management must still ask whether these frameworks are truly effective and sufficiently mature. This session examines how a strong second line assurance function can independently assess the design and maturity of compliance and control environments, providing objective insight, constructive challenge, and practical support to local units. It also explores a pragmatic approach to evaluating fraud risk management maturity under the COSO framework, leveraging existing structures to meet auditor expectations, avoid duplication, and strengthen overall assurance.
