Multiple functions within an organization need to audit and monitor their compliance with regulatory requirements. For example, human resources will need to audit their compliance with wage and hour laws and environmental health and safety regulations. Below is a model plan of audit and monitoring activities that typically involve corporate compliance. The specific responsibility for different types and areas of audit will vary from one organization to another, so this should be used only as a guide. Adjust it as needed to more accurately reflect the needs of your organization.
20xx Compliance Auditing and Monitoring Plan
| Area | Scope | Projected Timing | Assigned Accountability for Audit |
|---|---|---|---|
| Antibribery and Anti-corruption* | Review of existing anticorruption policy, processes, and controls for sufficiency and effectiveness. | | Internal Audit and Finance |
| | Audit expenses and payments for compliance with anticorruption policy requirements (e.g., evidence of round dollar transactions, repeated transactions just under delegation of authority limits, repeated payments to the same party in the exact same amount, payments made to third parties with only very general descriptions). | | Internal Audit and Finance |
| | Audit of gift approval and gift expenditure systems for potential links to government officials. | | Internal Audit and Finance |
| | Audit of international location books and records for local language euphemisms for bribe (e.g., “spintarella” in Italy, “baiju” in China, “refresco” in Mexico). | | Internal Audit and Finance |
| | Audit of dealer discounts granted during the prior period for compliance with policy requirements. | | Internal Audit and Finance |
| | Audit of petty cash transactions for compliance with petty cash and anticorruption policy and to identify any potentially corrupt payments. | | Internal Audit and Finance |
| | Audit of payments made for permitting, licensing, and building functions for compliance with anticorruption policy. | | Internal Audit and Finance |
| | Review of third-party due diligence process for compliance with all policy and process requirements. | | Internal Audit and Finance |
| Conflict of Interest Process | Assessment of existing policies, processes, and controls designed to identify and manage conflicts of interest for sufficiency and effectiveness. | | Compliance |
| | Review of annual conflict of interest disclosure reporting and certification by employees for compliance with conflicts of interest policy. | | Compliance |
| Ethics and Compliance Program*† | Evaluation of the design, structure, and resources of the organization’s ethics and compliance program. | | Outside Third Party |
| | Audit of compliance helpline and issue management system for compliance with helpline and investigations policies. | | Internal Audit |
| | Audit of compliance helpline data for compliance with retaliation prevention policy. | | Compliance and Internal Audit |
| | Review records of disciplinary actions taken for compliance violations to ensure consistency and lack of bias. | | Compliance |
| | Review compliance education course completion data for compliance with policy and identification of repeated noncompliance. | | Compliance |
| | Audit of policy management process and policy to ensure proper updating and maintenance of compliance policies and the code of conduct. | | Compliance |
| Data Privacy | Review data privacy and bring your own device policies, processes, and controls for sufficiency and effectiveness. | | Compliance and Privacy Officer |
| | Audit log of phishing occurrences for compliance with data privacy policy. | | Privacy Officer |
| | Review personal information protection process for compliance with applicable regulations (e.g., HIPAA, GDPR, CCPA). | | Privacy Officer |
| Trade Compliance | Review Office of Foreign Assets Control screening policy, processes, and controls for sufficiency and effectiveness. | | Trade Compliance |
| | Review Office of Foreign Assets Control screening results for compliance with policy and process. | | Trade Compliance |
| | Audit export licenses for proper decrementing and compliance with terms and regulations. | | Trade Compliance and Legal |
| Contract Management | Review contracts for compliance with contractual clauses. | | Compliance and Legal |
| | Audit key suppliers and service providers for compliance with anticorruption and human trafficking prevention requirements. | | Outside Third Party |
* Audit necessary for compliance with [INSERT NAME OF REGULATION, ACCREDITATION, OR OTHER AGENCY REQUIREMENT].
† Audit will be outsourced due to subject matter needed or need for independence.
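As an added example (not part of the plan above), the expense and payment tests listed under Antibribery and Anti-corruption expressed as detection logic over a constructed ledger extract. The thresholds are assumptions an auditor would set for their own organization: round amounts are multiples of 1,000, "just under" means within 5% below the delegation-of-authority limit, and the list of generic descriptions is illustrative.

```python
from collections import Counter
from decimal import Decimal

# Constructed sample ledger extract (not real data): one row per payment.
SAMPLE_LEDGER = [
    {"id": "T1", "payee": "Acme Consulting", "amount": Decimal("9800"), "desc": "consulting services"},
    {"id": "T2", "payee": "Acme Consulting", "amount": Decimal("9800"), "desc": "consulting services"},
    {"id": "T3", "payee": "Acme Consulting", "amount": Decimal("9800"), "desc": "consulting services"},
    {"id": "T4", "payee": "Harbor Logistics", "amount": Decimal("25000"), "desc": "services"},
    {"id": "T5", "payee": "Office Supply Co", "amount": Decimal("412.37"), "desc": "printer toner, order 88231"},
    {"id": "T6", "payee": "Permit Agent Ltd", "amount": Decimal("9950"), "desc": "fees"},
]

# Assumed list of descriptions too generic to support the payment (adjust per organization).
VAGUE_DESCRIPTIONS = {"services", "consulting", "consulting services", "fees", "misc", "support"}

def is_round_dollar(amount, unit=Decimal("1000")):
    """Round-dollar test: amount is a whole multiple of the unit (assumed 1,000)."""
    return amount >= unit and amount % unit == 0

def is_just_under_limit(amount, limit, band=Decimal("0.05")):
    """Amount falls inside the assumed 5% band directly below the approval limit."""
    return limit * (1 - band) <= amount < limit

def is_vague(desc):
    return desc.strip().lower() in VAGUE_DESCRIPTIONS

def flag_transactions(ledger, doa_limit):
    """Return {txn_id: [flag, ...]} for rows matching any of the plan's red flags."""
    pair_counts = Counter((t["payee"], t["amount"]) for t in ledger)
    under_limit_counts = Counter(
        t["payee"] for t in ledger if is_just_under_limit(t["amount"], doa_limit)
    )
    flags = {}
    for t in ledger:
        hits = []
        if is_round_dollar(t["amount"]):
            hits.append("round_dollar")
        # "Repeated" transactions just under the limit: same payee at least twice in the band.
        if is_just_under_limit(t["amount"], doa_limit) and under_limit_counts[t["payee"]] >= 2:
            hits.append("repeated_just_under_doa_limit")
        if pair_counts[(t["payee"], t["amount"])] >= 2:
            hits.append("repeated_same_party_same_amount")
        if is_vague(t["desc"]):
            hits.append("generic_description")
        if hits:
            flags[t["id"]] = hits
    return flags

def audit_sample():
    """Run the tests over the constructed ledger with an assumed 10,000 approval limit."""
    return flag_transactions(SAMPLE_LEDGER, Decimal("10000"))

if __name__ == "__main__":
    for txn_id, hits in audit_sample().items():
        print(txn_id, ", ".join(hits))
```

Flagged rows are leads for the auditor to trace to supporting documents, not findings in themselves.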