Episode 67 — Conducting Compliance Audits
Corporate compliance departments are rapidly implementing their own internal audit function — operating their own internal compliance monitoring and audit function. No longer can compliance departments rely on internal audit to report on the compliance department’s operations. Companies have to implement internal (or external) audit procedures.
In this episode, Michael Volkov discusses how to conduct a compliance audit.
Michael, this is not a the way good corporate governance in the 21ste century suggests. Internal audits are done by an independent group of internal auditors whose status is not in doubt. They will have a plan and annual audit program for all all key corporate risks areas and will establish, independently, whether the control framework that compliance has designed and operates is well designed to deal with the key risks, operates as intended andthereby gives Management confidence that they are on top of the issues. Compliance department cannot do this. What Compliance should do is operate like any other organisation in the corporation and design its controls and do ‘1st and 2nd line’ assurance. They cannot do independence assurance like Internal Audit does for the simple reason that they are not independent.