Aon is a leading global professional services firm that provides a range of risk, retirement, and health solutions. To ensure compliance with regulatory requirements and industry standards, Aon conducts thorough risk assessments and compliance checks. Here are 11 key risk compliance checks that organizations should be prepared to pass when working with Aon:
Introduction to Aon Risk Compliance Checks
Aon’s risk compliance checks are designed to identify potential risks and vulnerabilities that could impact an organization’s operations, reputation, or financial stability. These checks are typically conducted as part of a comprehensive risk assessment or audit, and may involve reviews of an organization’s policies, procedures, and internal controls. By understanding the 11 key risk compliance checks outlined below, organizations can better prepare themselves for Aon’s risk assessment process and ensure that they are adequately managing their risks.
Risk Compliance Check 1: Data Protection and Privacy
Aon’s first risk compliance check focuses on an organization’s data protection and privacy policies and procedures. This includes reviews of data handling practices, data encryption methods, and employee training programs. Organizations should be prepared to demonstrate their compliance with relevant data protection regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).
| Compliance Category | Required Controls |
|---|---|
| Data Protection | Encryption, access controls, data backups |
| Privacy | Employee training, data subject rights, incident response plan |
Risk Compliance Check 2: Information Security
Aon’s second risk compliance check evaluates an organization’s information security controls, including network security, application security, and incident response plans. Organizations should be prepared to demonstrate their compliance with industry standards, such as the NIST Cybersecurity Framework or the ISO 27001 standard.
Key areas of focus for this check include:
- Network security controls, such as firewalls and intrusion detection systems
- Application security controls, such as secure coding practices and vulnerability management
- Incident response plans, including procedures for responding to security incidents and notifying affected parties
Risk Compliance Check 3: Compliance with Regulatory Requirements
Aon's third risk compliance check assesses an organization's compliance with relevant regulatory requirements, including anti-money laundering (AML) and know-your-customer (KYC) regulations. Organizations should be prepared to demonstrate their compliance with regulations, such as the Bank Secrecy Act (BSA) or the USA PATRIOT Act.
| Regulatory Requirement | Required Controls |
|---|---|
| AML | Customer due diligence, transaction monitoring, reporting suspicious activity |
| KYC | Customer identification, verification, and validation |
Risk Compliance Check 4: Business Continuity and Disaster Recovery
Aon’s fourth risk compliance check evaluates an organization’s business continuity and disaster recovery plans, including business impact analysis and risk assessments. Organizations should be prepared to demonstrate their ability to respond to and recover from disruptions, such as natural disasters or cyber attacks.
Key areas of focus for this check include:
- Business impact analysis, including identification of critical business processes and dependencies
- Risk assessments, including evaluation of potential risks and threats to business operations
- Business continuity plans, including procedures for responding to disruptions and maintaining business operations
Risk Compliance Check 5: Financial Reporting and Accounting
Aon's fifth risk compliance check assesses an organization's financial reporting and accounting practices, including financial statement preparation and internal controls. Organizations should be prepared to demonstrate their compliance with relevant accounting standards, such as GAAP or IFRS.
| Financial Reporting Category | Required Controls |
|---|---|
| Financial Statement Preparation | Accounting policies, financial statement review, audit committee oversight |
| Internal Controls | Control environment, risk assessment, control activities, monitoring and review |
Risk Compliance Check 6: Environmental and Social Responsibility
Aon’s sixth risk compliance check evaluates an organization’s environmental and social responsibility practices, including environmental sustainability and corporate social responsibility. Organizations should be prepared to demonstrate their commitment to environmental and social responsibility, including implementation of sustainability initiatives and community engagement programs.
Key areas of focus for this check include:
- Environmental sustainability, including reduction of greenhouse gas emissions and waste management
- Corporate social responsibility, including community engagement and philanthropy
- Human rights, including respect for human rights and fair labor practices
Risk Compliance Check 7: Health and Safety
Aon's seventh risk compliance check assesses an organization's health and safety practices, including workplace safety and employee wellness. Organizations should be prepared to demonstrate their commitment to maintaining a safe and healthy work environment, including implementation of safety protocols and employee wellness programs.
| Health and Safety Category | Required Controls |
|---|---|
| Workplace Safety | Risk assessments, safety protocols, employee training |
| Employee Wellness | Wellness programs, employee assistance programs, health promotion initiatives |
Risk Compliance Check 8: Insurance and Risk Financing
Aon’s eighth risk compliance check evaluates an organization’s insurance and risk financing practices, including insurance coverage and risk retention. Organizations should be prepared to demonstrate their ability to manage and finance risks, including implementation of insurance programs and risk financing strategies.
Key areas of focus for this check include:
- Insurance coverage, including property, liability, and workers' compensation insurance
- Risk retention, including self-insurance and captive insurance programs
- Risk financing, including funding mechanisms and risk transfer strategies
Risk Compliance Check 9: Compliance with Industry Standards
Aon's ninth risk compliance check assesses an organization's compliance with relevant industry standards, including quality management and information security. Organizations should be prepared to demonstrate their compliance with industry standards, such as ISO 9001 or ISO 27001.
| Industry Standard | Required Controls |
|---|---|
| Quality Management | Quality policies, procedures, and objectives |
| Information Security | Information security policies, procedures, and controls |
