Auditing Ethics & Compliance Programs

Most businesses are not required to audit their ethics and compliance programs. This is a problem! Recent developments suggested in the Sentencing Guidelines and across the compliance landscape have added more oomph to the DOJ’s expectations with regard to ethics and compliance programs. This oomph extends to other federal and state agencies as well. So what exactly are these regulatory bodies looking for? The simple answer is that there is no straightforward formula, but rather government agencies have developed a litany of considerations that should be weighed against companies’ compliance practices.

Static compliance programs without testing and evaluation are a thing of the past. Regulatory bodies expect compliance departments to be actively engaged in companies’ operations, and not simply existing as a fixed business function that lacks flexibility and improvement. Unlike other departments, compliance is an investigative function that constantly requires refinement to ensure proper oversight of business practices. It is also needed as a vehicle to implement complex and dynamic corporate and regulatory mandates. A compliance program audit assists with future planning and it serves as a self-evaluation tool for ethics and compliance departments.

In short, compliance continues to be a reactive business function at most companies. Organizations decide to invest in ethics and compliance when their bottom line has been disrupted. Simply put, compliance becomes pertinent when companies are fined, lose their licensure, or are reprimanded in some adverse way. This reactive approach, although intuitive based on the uncertainty of governmental oversight, has the potential to cause harm. Lack of attention given to ethics and compliance functions extends beyond having a program in place.

Executive management needs to periodically evaluate the design and effectiveness of the company’s compliance and ethics program. Ensuring compliance alone is not sufficient; the effectiveness of compliance and ethics programs is established by bringing in new perspectives, expertise and value additions through specially designed auditing initiatives.

Compliance program audits should be prioritized by CCOs, CFOs, GCs and CEOs alike. Communication and support from top management during the entire audit process play a crucial role in extracting the maximum benefits from the initiative. Compliance programs should be qualitative and risk-centric to ensure comprehensiveness. Pre-audit evaluation plays a critical role in designing the audit plan and methodology. Once the audit program kicks off, further planning, testing, fieldwork, analysis, interviews and reporting are needed. Compliance audits should be performed annually or biannually and must be led by an audit/compliance committee or a company’s CCO. Outside consultants and compliance attorneys may provide valuable insight during pre-audit design and such advice may be critical for companies with poorly developed compliance functions. Where audit teams cannot be housed internally, compliance consultants and compliance attorneys may be valuable assets. An ideal mix of internal as well as external expertise to undertake compliance program audits should be strategically evaluated and designed to be a part of the ethics and compliance roadmap.

There is no way around it. Compliance program audits are important. A compliance program audit allows a company to evaluate and rank risks and discover overlooked regulations and laws. Most importantly, a simple audit can be the difference between no penalties and hefty regulatory fines.

Compliance program audits not only help in benchmarking business practices, but also provide an opportunity to evaluate program inefficiencies. Identification and corrective actions at both the micro and macro levels are paramount and can only be accomplished through routine compliance program audits. Audits provide important metrics that can be used for management, government and shareholder reporting processes. These metrics also provide an opportunity for internal analysis of historical performance for strategic planning and operational growth.

Over a period of time, compliance program audits have continued to demonstrate their usefulness to compliance departments and businesses at large by critically evaluating alignment of operations with corporate and regulatory concerns. Compliance program audits are imperative as a business function to ensure program efficiency given the ever-changing landscape of rules, regulations, laws and best business practices. CCOs and compliance departments cannot ignore the importance of compliance program audits.