When your process doesn't match your procedures

Alex Holloman III (alex.holloman@infosys.com) is the Compliance Officer for Infosys McCamish in Atlanta, Georgia, USA.

We’ve all been there. You are involved with an audit (internal, external, regulatory), and the examiner asks for someone to explain how a process is supposed to work—and then you discover the actual process doesn’t match your documented procedures. Or better yet, the last time the procedures were updated, they referenced saving all information to a floppy disc at the end of the day.

At the onset, procedures are developed to document how a task or activity should be performed. It is the central document that associates refer to in times of confusion, and it is incorporated within the onboarding process. Over time, our attention shifts to other pressing matters, and the documentation becomes outdated. It’s an unfortunate situation, but very common within the realm of our daily work activities. Reviewing your business procedures is not done frequently enough, and usually happens the week prior to the audit. Compliance should implement a governance program, in partnership with the appropriate internal stakeholders, to ensure a review is happening on a recurring basis.

This document is only available to members. Please log in or become a member.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field