Putting a professionally-managed compliance program into place for your company can be a challenging and complex task. Starting from scratch and getting everyone trained and tested in all regulatory topics takes time and careful planning. It can take a year or more to bring about an organized, automated, and centralized training and records system. Highly regulated industries, such as finance, are subject to more frequent review and more compliance testing areas. You can start implementing processes and procedures for a compliance audit up to a year in advance to ensure that when audit time arrives, you’ve done everything in your power for a seamless review.
Begin preparing for compliance audits a year in advance
If you have not already shifted from manual filing, tracking, and testing methods to a system that tracks employee compliance electronically, you should look to do so at least a year in advance of your next audit. Take the lists you use to track which department is responsible for learning what subject matter, and review them for any updates due to regulatory changes. Work with HR managers to ensure new employees have quick access to the network to immediately begin training on personal safety and emergency matters, such as fire code. HR can provide log-in IDs and temporary passwords during orientation. If you work with an outside consultant to set up the new training library, you can also request the department-level reports you will need the new system to provide.
Automated reports that provide a record of individual- and department-level compliance should be available online. Details such as scores, award dates, and expiration dates should be available for employees and managers to access. There is no need to surprise your employees with training assignments. They should have the option of taking tests well in advance of the due date if they choose to.
Contractor and part-time employees
Contractors often have systemwide access, like full-time employees in their area. They too need log-in access to learn what they will be trained on and a means to study the requirements in advance. Include part-time employees here as well. Have them sign a written acknowledgment stating that they understand the purpose of the test and that compliance is mandatory.
Onsite visitor compliance
Visitor compliance is unique because a visitor's access to the building is primarily the responsibility of the person who invited them. Visitors should not have access to sensitive materials, and client information should never be visible or laid out on a desk.
Statement and account management
Financial institutions can receive hundreds of statements a month and thousands in a year. Accounting firms and bank custodians must have the capacity to send and receive tens of thousands of statements a year for the multitudes of brokerage accounts they manage.
When independent auditors randomly pull a client record, they should be able to follow your written procedure, step by step. Auditors expect staff to be educated on how to handle a statement, from when they first receive it to how it is ultimately archived.
Where you should be at the 6-month mark
Learner groups need to be defined in each department. In the accounting and finance department, for example, you have CPAs, A/R and A/P personnel, and payroll. CPAs should be notified by the company when it’s time to renew professional memberships, in addition to routine compliance testing.
When you run periodic reports, you can save a copy to a network drive or online server for use later. File sites are often automated for scores and employee testing records. Hire a compliance professional to guide you through the process of setting up these tasks. SharePoint and other online storage systems also work; everyone just needs to be trained on how to use them.
Assessing things at the 3-month mark
If you wait until a surveyor announces a site visit to start certifying your employees, then you are unfortunately already behind schedule. Appoint an officer to oversee the administration of all aspects of the program companywide. It is a full-time job to catch gaps in compliance and to add supplemental modules to the program due to regulatory changes.
Your compliance officer must demonstrate how they’re educating staff on internal policies and procedures and show that managers have the knowledge to implement them. This is why it makes sense to hire an audit professional to make sure you know all the steps to take in advance of a compliance audit. Employees should receive notifications when new compliance training is available and be automatically enrolled in firm-level tests.
Final considerations for an audit one month out
By 30 days prior to an audit, all you should have left are final updates to compliance reports. These reports provide visibility for managers to assure all employee records are accounted for and complete. Proper documentation of procedures should be visible throughout the organization. You may also choose to conduct meetings with department heads to sift through any unforeseen non-compliance issues.
As a final note, if your company ever becomes subject to an emergency audit as a result of a customer complaint, it will be imperative to have records to back your business during that critical time. It reflects poorly on a company to be inadequately prepared due to disorganization or incomplete training records. Your company could be subject to fines and a damaged reputation with inadequate policies in place.
Getting the help of audit experts
SD Mayer has decades of experience in audit risk assessment, audit preparation, and audit mitigation. We certainly can help you take control of the enormous tasks covered in this article. Not many companies become expert auditors on their own. Now is a great time to consider taking control of regulatory compliance at your company and simplify the audit process.
Our audit and assurance team is registered with the Public Company Accounting Oversight Board (PCAOB) and the Canadian Public Accountability Board (CPAB)—and holds a zero percent deficiency rate. We’re here to give you peace of mind, while adding value to your business.