Internal Auditing as a Friend, Not a Foe
Tips on how internal auditing can assist compliance programs
A turf war between internal audit committees and compliance offices is not uncommon, which often results from unclear differences between the two functions. The departments have some common characteristics that overlap, so some confusion is reasonable. Both guard against unwanted events or issues that could give rise to liabilities, but internal auditing and compliance offices operate under distinctly different methods and objectives. In many cases, companies have merged the leadership of these functions. By working cooperatively, these functions can help the board, leadership, and other management leaders understand the importance of an integrated approach to governance activities, which prevents undesirable outcomes and liabilities. The challenge is finding ways to leverage time and capabilities of each function to enhance the compliance program and guard against wrongful behavior that could create liabilities for the organization. Internal audit and compliance offices must agree on risk types and thresholds that each will address in order to achieve this goal. As a best practice, organizations should establish a work protocol or policy document to define roles and avoid conflicts/overlapping efforts. This protocol/policy may require negotiation, but the results are well worth the effort. There are many ways that internal audit can provide considerable support for the compliance program, such as:
- Identifying high-risk issues and compliance-related issues in the internal audit plan;
- Checking intermediaries and related organizations to determine if they have a code of conduct and formal compliance program;
- Spot-checking expense reports or receipts for gifts and entertainment to determine if gifts, entertainment, and conflicts of interest compliance policies are being followed;
- Verifying that conflicts of interest forms are on file and being followed;
- Verifying that compliance materials are properly posted and visible to all employees to ensure that instructions are being followed in all facilities; and
- Assisting with complaint investigations involving audit related effort.
To advance the internal audit and compliance office partnership, compliance officers should arrange for specialized, formal training to help internal auditors identify compliance red flags that they may encounter during audits. This should include real examples of how other organizations have gotten into trouble or examples of issues that draw enforcement action. The more information internal auditors are provided, the better they will be able to assist in identifying compliance issues. Finally, compliance officers should be generous in giving credit to any internal audit work that yields positive results for the compliance program.
Steve Forman, CPA, has 35 years of experience in managing and coordinating both compliance and internal audit functions. For more on this subject, see strategicmanag.wpengine.com or contact Mr. Forman at [email protected]
