|
The first myth about compliance program assessment is that it is an optional part of an effective compliance program. The same sentence in the Sentencing Guidelines that mandates a hotline also mandates compliance program assessment. And, even if program assessment was not mandatory, it is would be incumbent on your organization to undertake assessment. Organizations measure what matters to them. If there is no interest in compliance program assessment in your organization, the compliance program is not as important you may think.
The second myth is that a self assessment is as good as an externally conducted assessment. Internally conducted program assessments are useful. But they are also conflicted. It is a rule in audit – and should be a rule in compliance – that you don’t audit your own work. Both compliance and internal audit are part of the control environment of the organization and both need to be periodically tested externally. This need not be an annual activity but there should be a fixed schedule such as every 3 years.
The third myth is that it is risky to have an external program assessment since it may turn out negatively. An assessment that turns out positively is more protective than one that indicates a flawed compliance program. But we have seen more than one case in which a negative assessment, when paired with a detailed plan of correction, has forestalled a CIA. Why? The fact that you conducted and acted on an assessment indicates that your organization takes its compliance program seriously and will remedy weaknesses without external prodding.
A final myth about program assessment is that everyone uses the same standards. While this may seem to be the case, different consultants interpret the external standards in different ways. The standards to be used in your assessment should be fully disclosed before you choose an assessor. A good assessment also includes bench marking. Boards and executives are often indifferent to consultants’ opinions. But they are interested in real information about how your organization stacks up against like organizations. For more information, visit Program Assessment Fact Sheet. The Trust has also offered a one day, virtual course on compliance program assessment for the past 25 years at Program Assessors Course 12/6/24.
|
