When It Comes to Documentation, Smart Companies Behave Like Every Day Is Audit Day

Bob-Conlin_Blog_New.png

I’ve learned that there is a clear difference between those teams that prepare for an audit and those that are always prepared for an audit.

Audits are part of nearly every ethics and compliance program. They come from the Internal Audit Department, outside auditors testing control systems and processes, and in some cases, government regulators evaluating the effectiveness of your program as part of an investigation. In most assessments, auditors will focus specific attention on policy related processes. Are they current? Are they reviewed regularly? Are employees attesting when required and following expectations? The objective is to determine whether you are doing what you say you are going to do.

A successful audit is more than just a “clean” audit – it’s one that is relatively pain-free and does not drain unnecessary time, money or energy from legal, accounting, compliance or human resources.

As a CEO I’ve had the opportunity to take a step back from the audit process, specifically audits that call for robust documentation such as policy management. These types of audits, whether it be a formal audit by external entities or an impromptu phone call from a client asking about a business practice, require us to provide quick, accurate responses that have the necessary evidence to prove their validity.  

I’ve learned that there is a clear difference between those teams that prepare for an audit and those that are always prepared for an audit. The difference is in how they handle the day-to-day. 

Unfortunately, many organizations could do better when it comes to audit-readiness of their policy management processes. This is a persistent problem in the world of ethics and compliance – inability to access or use efficient tools and processes to keep up with the growing demands of the industry. And if our regular processes are unsatisfactory, our irregular processes – audits – will be exponentially worse. 

The good news is that there is a solution to this abiding challenge: automation. Automating compliance functions not only makes each day more efficient, but also puts you in position to respond to an audit request quickly, thoroughly and effectively.  

Bringing Documentation into the Modern
Compliance Era

Consider for a moment the internal audit process of your policies. Is it manual? Does it rely on hardcopy documentation? Does it leave inordinate room for human error? Are reports or analytics siloed between departments? Does the process rely on multiple systems with various owners? There is a good chance you answered “yes” to several of these. That’s because many organizations are still working to bring compliance programs up to the same level of automation as other business processes. I’m sure there are many reasons why some organizations have failed to automate critical compliance functions, but those reasons won’t matter to auditors.  Our job is to make sure our internal processes hold up to external review — and to make the necessary changes when they do not.

In the world of compliance, this intention translates into auditor goodwill – a benefit that is intangible but also invaluable.  

If you have been through an audit before, you know that auditors often rely on the resources of the targeted organization to find answers to their questions and determine their findings. Those resources are your documents, and more specifically the systems you employ to archive and call up those documents. When your organization can produce information quickly and thoroughly it has two immediate benefits. First, it shows that your organization has control of the processes and data required. Second, it shows that your compliance is not by chance. It is intentional, achieved through daily investment and commitment. In the world of compliance, this intention translates into auditor goodwill – a benefit that is intangible but also invaluable.  

As they say, if it isn’t written down, it didn’t happen. When it comes to an audit, we are looking to prove a clear “yes” or “no,” so if “it didn’t happen,” chances are it’s going to be a “no.”

Download Guide: Definitive Guide to Policy Management

Investing in a system that effectively manages your daily compliance program processes shows your organization’s commitment to doing the right things right. And auditors and investigators will take notice. As we’ve seen recently, government agencies reward organizations that demonstrate a culture of ethics and strong compliance programs, even if an investigation uncovers a problem.

The common denominator between being compliant on audit day and being compliant every day is automation. Automating business processes removes manual overhead, digitizes paper trails so they are easily navigable, reduces the chances for human error and provides a single source of truth for the information requested.

Beyond policies, also consider your training programs – do you have on hand the proper documentation that proves completion? How about your case management program – is there a system in place the catalogues incident reports as well as case closures and resolutions?

Not every day is audit day. But with the right tools and commitment to compliance excellence, audit day will (almost) just be another day for you and your team to show your proficiency and deepen your company’s reserve of goodwill. 


Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.


The Difference Between Being Right and Doing Right

Whether you think pretaliation clauses represent a phantom risk or not, regulating them still pushes us toward a tangible, valued result: an ethics and compliance program that works well. Let’s take a look at what it means to be right in the eyes of the law and to do right by your corporate culture.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

ISO 37001: Let’s Talk Specifics

Since its release this past fall, ISO 37001 has been making waves in the compliance community. With polarizing opinions on both sides of the standard, the dust has yet to completely settle. So while compliance professionals continue to grapple with the new measure, we’re soliciting opinions about how specific aspects of ISO 37001 have affected organizations. Read on and chime in.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.

Comments