Follow ACC Docket Online:  

10 Pieces of a Successful Compliance Audit

Business ethics Column
T he best leaders can identify issues and act on them before they become major problems — especially when it comes to compliance. The cost of noncompliance and damage to reputation can be debilitating. However, preventive measures save resources by eliminating the cost of noncompliance and damage to reputation, thereby helping to create new business and maintaining a competitive advantage.

For this reason, associated risk management (ARM) agencies should work diligently to prepare for potential compliance audits from the Consumer Protection Finance Bureau (CFPB) or other regulatory authorities who oversee their operations. If they don’t, the risk of fines, penalties, and legal actions may mount to an untenable extent if they aren’t avoided through mitigation actions.

Despite the warnings, many choose less favorable options, either ignoring the need for checks on their compliance tactics, hiring outside contractors who don’t know their business, or simply absorbing the inevitable cost of noncompliance. Leaders take the proverbial bull by the horns, act immediately to avoid expenses, and put their operations in a stronger position.

Immersing yourself in your own business and fearlessly seeking issues that need correction brings your operation to heights you wouldn’t think possible. Here are 10 key pieces you need to avoid botching your compliance audit:

1. Knowledge

Take a good, hard look at your company and learn where it stands with regard to compliance. Learn the regulations that apply to you, in detail, and gain a full understanding of the ramifications of not following them. Find out where the gaps and vulnerabilities lie. Be honest with yourself and your team.

2. Preparation

Audit methods may involve interviews, inspections, observation, testing, and sampling. So take some time to determine the audit’s scope and criteria, select participants, set expectations, and provide reference criteria to specific requirements.

3. Training

Make all stakeholders aware of compliance expectations, and communicate them to your board of directors and executive leadership. Educate everyone in your organization about the policies, procedures, laws, and regulations as you work to ensure understanding and buy-in.

4. Management

When it comes time to actually conduct your audit, don’t leave it to run itself — orchestrate and control it. Be proactive, make a plan, and get ahead of possible issues before they become threats. Prepare participants who will meet with auditors and know your evidence: documents and records.

5. Culture

Establishing a culture of compliance starts with communication, but relies on expectation of integrity and accountability. Your organization needs published values and a code of ethics. Write them down, distribute them, evangelize them at company meetings, and reward those who follow.

6. System

Establish a formal compliance management system to identify, prevent, and correct compliance breakdowns. Empower leaders within your organization for key roles and responsibilities, and document your policies and procedures. These practices should strengthen your ability to identify and manage compliance violations, as well as identify, analyze, and mitigate risks.

7. Controls

Have a handle on your audit during the process, and plan for the outcomes you expect. That means creating checks and balances for vulnerabilities and measuring key goals and strategic initiatives to monitor achievement and progress. Periodically examine your training records and conduct your own internal audit on your compliance management system.

8. Schedules

Schedule your audits to meet business needs with respect to relevance, degree of risk, process stability, prior issues, regulatory requirements, organizational realignment, and infusion of new talent. An audit may be required, but you should take advantage of the flexibility you’re offered.

9. Conversation

Create a non-threatening environment for both auditors and associates alike and talk with those handling your business ahead of time. Conduct mock interviews and record your observations and findings, while managing time and content. You should ask open-ended questions that help to describe how employees are trained on consumer financial protection laws, how training is monitored to ensure expectations are met, and how potential violations are identified.

10. Internal Audits

Provide your staff and management with a crash course in compliance, and sponsor and empower objective employees to test your operation ahead of time. Select your own auditors based on competency and integrity in order to ensure objectivity by both organization and relationship. Have them make sure any noncompliance issues you uncover are resolved, and examine every requirement of your business — regulations, policies, processes, laws, standards, and controls are all fair game. Then, identify nonconformance, opportunities for improvement, and capture a description of how you’ve conformed to each.

A compliance audit is a serious matter with serious impact on your business. Take the time to ensure you’re prepared — it will pay serious dividends down the line.

About the Author

Dan PottsDan Potts is the process appraisal and certifications director at Ontario Systems. He is a certified CMMI Lead Appraiser, and has served clients in the commercial insurance, banking, and finance verticals to help benchmark and improve product development capabilities. Dan earned a bachelor's of science in Political Science and Systems Analysis from Taylor University in Upland, Indiana and is trained as a Six Sigma Black Belt and a Malcolm Baldrige Examiner.


The information in any resource collected in this virtual library should not be construed as legal advice or legal opinion on specific facts and should not be considered representative of the views of its authors, its sponsors, and/or ACC. These resources are not intended as a definitive statement on the subject addressed. Rather, they are intended to serve as a tool providing practical advice and references for the busy in-house practitioner and other readers.