Each organization must meet a level of compliance appropriate for its specific operations. For example, a publicly held multinational manufacturer and distributor based in the U.S. would have to comply with Sarbanes-Oxley and would have the option of adopting an ERM framework such as ISO 31000:2009 or the COSO framework for risk management.
Depending on the type of operations, an organization might opt to comply with corporate social responsibility and environmental standards, such as those of the EPA.