Audits are essential for effective compliance programs

December 9, 2014

check-listAll companies, regardless of their size, business model and scope of activities, are subject to a plethora of laws and regulations in diverse areas such as employment, health and safety, intellectual property, real property, tax, antitrust, finance, securities law and consumer protection and, as such, it is essential for them to develop processes and procedures to conduct voluntary and self-analytical legal and compliance audits on a regular basis.

The November 2014 Business Counselor Update includes a new chapter (§§225:1 et seq.) focusing specifically on conducting compliance audits. The materials include a Master Form of a checklist for a compliance audit. The chapter describes the importance of compliance audits in reducing liabilities that a company may incur due to violations of laws and regulations and describes the steps to be taken to conduct effective audits. The Specialty Forms library includes a description statement of the compliance audit process for a company’s personnel handbook, including exhibits setting out audit methods and rules and guidelines for audit scheduling and planning; and questionnaires for various types of compliance audits including privacy and anti-money laundering laws and regulations.

A variety of techniques can be used to complete the audit process and counsel may often follow many of the procedures that are normally used when conducting a due diligence investigation in the transactional context. See Due Diligence (§§ 292:1 et seq.). Accordingly, questionnaires should be prepared and disseminated to various departments within the company, including sales and marketing, accounting and finance, human resources and legal. The information collected from the questionnaires should always be supplemented by conversations with officers and employees responsible for functions that impact significant operations, as well as discussions with outside consultants and professionals.  The first step is development of a comprehensive compliance audit questionnaire.  See master form at § 225:30. In addition to general matters relating to the legal affairs of the company, including litigation, conflicts of interest and regulatory matters, the questionnaire should survey the legal aspects of the company’s marketing, production and finance functions. For example, in the marketing area, questions should be asked regarding the company’s pricing policies and trade association activities. With respect to production and operations, questions should cover product safety, environmental and workplace safety issues, and labor and employment laws. Of course, most comprehensive audit programs include specific inquiries into particular areas of interest such as corporate governance (see specialty form at § 225:55); ethical standards (see specialty form at § 225:56) and general accounting and internal controls (see specialty form at § 225:57).

In order to effectively assist clients with their compliance audits business counselors need to be familiar with each of the specific steps that need to be completed during the audit process:

  • Identify the person or persons who will participate on the audit team (§ 225:18) and review with such persons the audit procedures and laws and regulations that may be applicable to the review;
  • Collect and review background information about the company’s business and legal environment (§ 225:19) in order to understand the laws and regulations that are applicable to the company’s specific operational activities;
  • Consider the appropriate scope of any audit (§ 225:20), identify the key issues to be covered by the review (e.g., changes in compliance procedures necessitated by changes in applicable laws and regulations) and, if appropriate, prepare a formal audit plan;
  • Collect and review material contracts and other documents (e.g., policies and procedures) (§ 225:3) relating to the company’s transactional and operational activities and prepare summaries of any material information collected;
  • Prepare appropriate questionnaires (§ 225:4) regarding the subject matter of any audit and circulate them to persons known, or likely, to have material information regarding the issues being analyzed;
  • Arrange for inspections (§ 225:5) of the company’s files and other records repositories, including files and records maintained in foreign offices, to identify information that may be used in the course of any audit;
  • Arrange for interviews (§ 225:6) with persons familiar with the information that may be used in the course of the audit, including officers and employees of the company, general counsel, outside counsel and other parties;
  • Review the existing compliance policies and procedures and assess the company’s overall compliance environment (§ 225:7);
  • Conduct searches of public records (§ 225:8) to verify registrations and recordings; and
  • Analyze the information obtained through the questionnaires, interviews and document reviews and, if appropriate, prepare a final report or summary of findings (§ 225:9) including suggestions for remedial actions (§ 225:10).