Conducting compliance audits

January 27, 2015

Report reviewA variety of techniques can be used to complete the compliance audit process and those persons involved in conducting the audit often follow many of the procedures and steps normally used when conducting a due diligence investigation in the transactional context.  Questionnaires should be prepared and distributed to various departments within the company, including sales and marketing, accounting and finance and human resources.  The information collected from the questionnaires should always be supplemented by conversations with officers and employees responsible for functions that impact significant operations, as well as discussions with outside consultants.  If the company has already opened offices and facilities in foreign countries to conduct sales or manufacturing, questionnaires should be circulated to local managers and follow-up interviews should be conducted.  In addition to questionnaires and interviews, information regarding the company and its business processes can be obtained by reviewing business plans and disclosure documents prepared for distribution to investors, material contracts and written policies and procedures and through inspection of the company’s facilities and observation of managers and employees carrying out their day-to-day job responsibilities.

Some of the specific steps that should be taken to launch and complete a compliance audit include:

  • Identifying the person or persons who will participate on the audit team and reviewing with such persons the audit procedures and laws and regulations that may be applicable to the review;
  • Collecting and reviewing background information about the company’s business and legal environment in order to understand the laws and regulations that are applicable to the company’s specific operational activities;
  • Considering the appropriate scope of any audit, identifying the key issues to be covered by the review (e.g., changes in compliance procedures necessitated by changes in applicable laws and regulations) and, if appropriate, preparing a formal audit plan;
  • Collecting and reviewing material contracts and other documents (e.g., policies and procedures) relating to the company’s transactional and operational activities and preparing summaries of any material information collected;
  • Preparing appropriate questionnaires regarding the subject matter of any audit and circulating them to persons known, or likely, to have material information regarding the issues being analyzed;
  • Arranging for inspection of the company’s files and other records repositories, including files and records maintained in foreign offices, to identify information that may be used in the course of any audit;
  • Arranging for interviews with persons familiar with the information that may be used in the course of the audit, including officers and employees of the company, general counsel, outside counsel and other parties;
  • Reviewing the existing compliance policies and procedures and assessing the company’s overall compliance environment;
  • Conducting searches of public records to verify registrations and recordings; and
  • Analyzing the information obtained through the questionnaires, interviews and document reviews and, if appropriate, preparing a report or summary of findings including suggestions for remedial actions.

To learn more about conducting compliance audits see the following:

  • Business Counselor’s Guide to Compliance Audits (§225:63)
  • Client Executive Summary on Compliance Audits (§225:60)
  • Business Counselor’s Slide Deck Presentation on Compliance Audits (§225:61)