This article is the first one in a 10 part series that addresses how compliance officers can better manage the growing demands for audits.
1. Get Support From The Top
The first step, which can be the most difficult, is to get top level management support for your audit management program. This article will look at the reasons why this is so important, and help you build a case in getting your top level management on side.
2. Commitment of Transparency
Compliance is everyone’s responsibility, and the success of the corporate brand depends on it. If compliance is part of the DNA of a business, transparency is never an issue. If people are protective of their positions, or the knowledge they hold, or are not fully committed to compliance, they will generally resist transparency because this is what exposes them. This is often why compliance officers find it so hard to introduce new audit management technology into a business: it shines a light in places some prefer to keep hidden.
With a commitment to transparency the board can no longer escape responsibility, and neither can those auditors who tend to take a superficial approach to finding out exactly what is going on.
3. Agreement on levels of scrutiny and the discipline requirements
Discipline is at the heart of every successful compliance program, and support of top management will ensure that this discipline is maintained.
- Properly define compliance requirements and keep them up to date.
- Consistently do the right thing.
- Conduct audits and be subjected to audits.
- Fix identified problems.
- Follow up, follow up, and escalate.
- Take firm action to address non-compliant people and processes.
4. Anticipate and prepare for objections at all levels
You are highly likely to encounter resistance at first, so it’s best to pre-empt possible objections and be prepared. Some common objections – from all levels are:
- The cost involved (time and money) to rectify compliance issues identified by the audit management program. Sometimes solutions require profound changes to the way a business operates. You need to be prepared to counter these arguments with clearly stated facts around the benefits – the ROI – of compliance, as well as the potential downside cost of poor compliance. Illustrate examples of how the cost of compliance failure can be significant and far greater than short terms costs to meet compliance requirements. A good example is the BP oil spill, largely due to budgetary constraint, the fear of delays and overruns and a board that placed safety below cost on the priority ladder.
- The disruption brought about by the audit management program. Busy managers will resent production delays or interruptions which inevitably result from audit processes, and anything you can do to minimise this through technology or advance audit reparation, will help alleviate this problem.
- The impact on targets or KPIs. Where personnel are incentivised to achieve KPIs, compliance activities may be seen as counter-productive if these mean additional process steps, record keeping, and other related activities. Again, top management support is needed to get people past this hurdle, and one powerful means to do this is to include compliance-related KPIs in performance reviews.
- Fear of what may be found. People hold on tightly to processes, information and key relationships from which they draw their power. Any change to the status quo resulting from an audit or other compliance initiative will be perceived as a threat. Clearly written and instructive audit reports will be more favourably received if people get the idea that you are there to help them.