
INTERNAL AUDIT AND COMPLIANCE SHOULD COOPERATE

It is quite clear that at the present time no one can be isolated from the environment. The tasks and objectives of the professional services responsible for operating the system of internal controls in the second line of defense, and of internal audit in the third line, are the same. It is therefore essential that they cooperate with each other and that this cooperation is: 1) permanent and 2) both formal and informal.

Formal cooperation includes periodic meetings, which can be announced and planned one year in advance. They can be organized independently or together with other functions that are part of the internal control system: the risk department, the physical security service (especially for infrastructure companies), etc. Data exchanged informally are also useful, but they must be checked before use and only then taken into account in identifying and assessing risks.

Why work together - key similarities and differences

If we take as a starting point a system of internal controls based on three lines of defense, the key "differences" between the compliance and internal audit functions are:

  • position of the function and
  • reporting lines.

The formal basis for the operation of an individual function is also different: international internal audit standards are legally binding on financial organizations and public companies, while the standards of the compliance function exist as general, recommended rules.

Compliance is "cut" by the direct management, and the head of internal audit by the supervisory board. It follows that both the formal and the actual starting points for independence are different. Formally, independence in internal auditing is ensured by the fact that internal audit is only administratively accountable to the top management, and functionally to the supervisory body. The latter gives consent to the recruitment and remuneration of the internal auditor.

The key feature that every control or supervisory function should have in common is independence.

Both functions, however, face business risks, changes in legislation and organization, innovation, accelerated digitization and a greater emphasis on security. Constant changes in the environment and new requirements (e.g. for greater security of personal data, infrastructure…) are therefore a mandatory part of the annual review of both functions.

Ways of cooperation - possibilities for synergy effects

  1. Participating in individual projects / reviews: Compliance staff can take part in internal audits. The reverse is also possible. However, in the latter case, it is necessary to ensure that internal auditors who have worked in the field of compliance do not subsequently assess this system, nor is it advisable for them to assess the effectiveness and efficiency of the compliance function. It is hard to be objective and independent of the people you have worked with. There is a potential conflict in this case, and it is better not to risk an accusation.
  2. Sharing data and information: Joint brainstorming by employees in the areas of risk, compliance, internal audit, physical security and accounting should add value and provide a recipe for timely inspections and for timely identification of risks and how they interweave, all of which can have a multiplied effect on the achievement of the set business goals.
  3. Joint planning of annual reviews: Joint planning aims to ensure that tasks are not duplicated and that the same people are not burdened by multiple supervisory functions over the same period. We also pursue the goal that management receives assurance covering a larger volume of business in a shorter period of time and thus receives timely warnings of shortcomings and opportunities in several areas.