It is quite clear that at the present time no one can be isolated from the environment. The tasks and objectives of the professional services responsible for operating the system of internal controls in the second line of defense, and of internal audit in the third line, are the same. It is therefore essential that they cooperate with each other and that this cooperation is (1) permanent and (2) both formal and informal.
Formal cooperation can include periodic meetings, which can be announced and planned one year in advance. They can be organized independently or together with other functions that are part of the control system, that is, the internal control system: the risk department, the physical security service (especially in infrastructure companies), etc. Data exchanged informally are also suitable, but they must be checked before use and only then taken into account in identifying and assessing risks.
Why work together - key similarities and differences
If we take as a starting point a system of internal controls based on three lines of defense, the key "differences" between the compliance and internal audit functions are:
The formal basis for the operation of an individual function is also different: international internal audit standards are legally binding on financial organizations and public companies, while the standards of the compliance function exist as general, recommended rules.
Compliance is "cut" by the direct management, and the head of internal audit by the supervisory board. It follows that both the formal and the actual starting points for independence are different. Formally, independence in internal auditing is ensured by the fact that internal audit is only administratively accountable to the top management, and functionally to the supervisory body. The latter gives consent to the recruitment and remuneration of the internal auditor.
The key similarity, which should apply to every control or supervisory function, is independence.
Both functions, however, face business risks, changes in legislation and organization, innovation, accelerated digitization and a greater emphasis on security. Constant changes in the environment and new requirements (e.g. for greater security, e.g. of personal data, infrastructure…) are therefore a mandatory part of the annual review of both functions.
Ways of cooperation - possibilities for synergy effects