In March 2015, The Legal Intelligencer published the article, “How Audit, Compliance and GCs Can Work Together,” discussing the changing regulatory landscape and its impact on the roles of companies' internal audit, legal and compliance functions.
The Sarbanes-Oxley Act, and other regulatory developments passed in the wake of the accounting fraud cases of the early 2000's, tightened the financial reporting and compliance requirements companies adhered to. As a result, the roles and responsibilities of companies' internal audit, legal and compliance functions have changed dramatically and have become much more important for the personnel in these functions to effectively communicate.
The internal audit, legal and compliance functions all have similar, and many times overlapping, goals and objectives especially with regard to managing risk. When the roles and responsibilities of each individual function are not clearly defined and communicated, employees may unknowingly act outside the scope of their function's roles and responsibilities which can have adverse repercussions on the company. These problems are more likely to occur when the individuals from the various functions are not routinely working together and communicating.
The article describes a precarious situation that has led to legal problems for companies due to a lack of defined roles and responsibilities. In the article's example, personnel in the internal audit function identified a potential issue and communicated it, along with their legal opinion of the issue, directly to the audit committee effectively bypassing the general counsel. The result of this process was that a “discoverable record” was created, not protected by attorney-client privilege, and the auditor's opinion of the legality of the potential issue, if incorrect, could have impacted the company's ability to defend against the potential issue in the future.
In order to avoid a potential harmful situation, similar to the one noted above, it is important for representatives from internal audit, legal and compliance to collaborate and maintain an open line of communication with one another and all other functions of the company. Protocols should be established and communicated therefore, everyone understands the correct channels that should be used and personnel that should be included in various company matters. Additionally, the skill sets possessed by the different functions should be leveraged to effectively accomplish goals and objectives. For instance, internal audit personnel can be tasked with performing independent assessments of compliance and legal processes, such as policy and procedure adherence, Foreign Corrupt Practices Act (FCPA) third-party due diligence reviews and internal investigations.
Companies who are able to effectively align the goals and objectives of their internal audit, legal and compliance functions will be better prepared to address risk management concerns, respond to changes in the regulatory environment and focus on strategic initiatives. To read the full article, please click here.
If you have questions about how your business can improve its risk management processes or have matters that warrant the involvement of outside accountants and consultants to provide support and analysis, please contact Patrick Braley by calling 770.396.2200.