A solid compliance program needs monitoring
Even the best compliance program needs monitoring. Here are eight guidelines to keep your program on track.
The evaluation of the effectiveness of compliance programs has several guiding questions that address continuous evaluation and improvement. This may take several forms, including, but not limited to, internal audits, control testing of relevant controls, and collection and analysis of relevant data – as well as evolving updates, which mainly concerns updating risk assessments and review of internal controls. Remediation and follow-up should guide you in improving your compliance program.
These eight guidelines will help you properly monitor and review your compliance program:
1. Make a plan: Create a plan in place and see it through to completion. Set one, two or three-year goals and make sure to measure results. Whether it is to rewrite your code of conduct or provide more and better workforce training, make sure you track the progress of your initiative to figure out whether or not your compliance program is evolving and keeping up with best practices.
2. Provide training: Remember that building a human firewall is one of the most effective defenses against compliance breaches. Train your employees well. When employees recognize a reportable event and know how to report it, then you have managed to install a sound corporate compliance culture. You can even measure that engagement through survey results.
3. Collect data: Gather as much data on your compliance activity as possible and consolidate that information in accurate and useful ways.
4. Analyze proactively: Groom and aggregate your data. Analyze and track trends in compliance activity and report it to the proper executives. One example could be tracking trends in exception request submissions. If you have a greater number of exception requests, it could attest to your success at making people understand the policy and the process, or maybe it’s a sign that you have a bigger problem.
5. Escalate: Design a well-defined and proper escalation system so that the right managers or risk owners can quickly and adequately respond to any identified red flags or breaches.
6. Remediate: If failures and flaws are identified in the system, they should be addressed through the development of internal controls to match and mitigate those risks.
7. Automate: By shifting from manual to automated reporting and monitoring processes, you will enable the flow of data to be constant and human intervention minimal, leaving less room for human error.
8. Document: Don’t let documentation be an afterthought. Document all your efforts and keep auditable records that prove all of your compliance activities. A strong reporting system will always allow you to be prepared for any inquiry in case authorities come knocking at your door.
If assistance is needed, let me know. As mentioned in previous columns, there is effective software that can do the monitoring job, leaving less room for human error, as outlined under 7. above. Remember that building a human firewall is one of the most effective defenses against compliance breaches!
Comments are welcome – contact me under Schumacher@eitsc.com