Compliance and Ethics Audit
Compliance officers are responsible for many activities and programs in their organizations—ethics hotlines, codes of conduct, and ethics and compliance-related training and reporting, in part. They also typically monitor or audit organizational compliance with related policies and procedures.
No surprise—it is also important that there be an independent audit of the overall ethics and compliance program and its component parts to assure the board and senior management that the program is functioning as intended, to identify emerging threats or opportunities for improvement, and to reinforce the organization’s desired ethical culture. As addressed in the March 2015 KnowledgeLeader newsletter (Swanson), the primary goals for such an audit are:
- Determine whether the C&E [compliance and ethics] program provides reasonable assurance of compliance with organizational policies and applicable laws and regulations.
- Determine if the C&E program is documented, in place, and appropriately resourced to meet the organization’s needs.
- Determine that the C&E program has been implemented effectively and that its performance reporting system has been defined and accurately presents the results of the program.
To quote Swanson, “Some critical issues to explore during the audit include: the consistency and integration of C&E program among the different business units within the organization, coordination between the compliance and ethics officer(s) and the individual business units, a clear and effective division of roles and responsibilities among the many parties involved, and most importantly, that an effective tone at the top has been successfully communicated and implemented across all levels of the organization.”
Part of the role of an independent auditor is to assess the performance of the compliance officer and his or her department. Such an assessment could include asking the officer or compliance staff about the support, the barriers, or the issues that they experience while doing their jobs.
- A recent blog post by the Society of Corporate Compliance and Ethics listed 21 questions that senior management should ask the compliance officer (Snell, 2016). We won’t list all 21, but here are some of the questions.
- Is there anyone interfering with your ability to implement any of the elements of an effective compliance program?
- Is there anyone interfering with your ability to prevent, find, or fix this organization’s legal, policy, or ethical issues?
- Do you have any responsibilities outside of compliance and ethics that could cause you to have a conflict?
- Do you report to anyone who has any responsibilities that could cause conflicts of interest for the compliance program?
- Is anyone with a conflict of interest guiding or directing the compliance and ethics program?
- Are there any issues that have been reported to you that are not being addressed?
- Do you have a good working relationship and independent access to internal and external legal counsel, consultants, and auditors?
- What are you most concerned about?
The combination of a dedicated compliance officer or team, independent audits of existing ethics and compliance efforts, and a frank and open discussion about opportunities and threats to the program should lead to continuous improvement for the ethics and compliance program and for the organization as a whole.
Ethical Advocate provides comprehensive ethics and compliance solutions, including ethics and compliance training and confidential and anonymous hotlines that meet regulatory and reporting needs.
Snell, Roy. “Questions that Leadership Should Ask the Compliance Officer.” The Compliance and Ethics Blog, May 2016. http://complianceandethics.org/questions-leadership-ask-compliance-officer/
Swanson, Dan. “Auditing a Compliance and Ethics Program.” KnowledgeLeader, March 2015. http://info.knowledgeleader.com/auditnet-march-2015-newsletter