Four Wildly Effective Ways Compliance Can Work with Internal Audit

In many companies, Internal Auditors know more than you do about the everyday life of the business.  You may do training on the ground for one or two days, but Internal Audit stays for one to two weeks or more. 
Outposts in Sudan?  Small business units that never reach critical mass in order for you to travel to them?  Travel ban for compliance or other training?  Internal Audit probably still visits in person.  How can you leverage this tremendous resource in a way that is palatable to Internal Audit and helpful to the compliance program?   
In some companies there is a turf war between Internal Audit and Compliance, but there’s no reason for that.  Used properly, Internal Audit can be your best friend.  You can help each other to do you jobs more effectively.  Here are four highly effective ways to work with Internal Audit.

No. 1: Institute a Pre-Audit Check-In
Before I began Spark Compliance Consulting, I was Chief Compliance Officer at United International Pictures, the joint venture of Paramount Pictures and Universal Pictures for movie distribution in 65 countries.  Although I travelled to an average of 16 countries each year to do in-person compliance training, I could never visit all of the countries.  However, our Internal Audit team did.  I asked our head of Internal Audit to have a pre-audit phone call with me whenever he went to a new country.  On our call we would discuss the following:

Were there any known compliance issues in the country?
Are there any regulatory investigations going on, or hot laws in the country to which we’re responding?
Has anyone in the territory declared a conflict of interest that we want to follow up on?  If so, is there anything Internal Audit should be checking for while they are there?

This check-in allowed Internal Audit to be highly aware of any issues.  Of course there were times when I couldn’t share information about an investigation or an unresolved conflict of interest, but when I could, it was extremely helpful as Internal Audit would keep their eyes open when they were visiting to spot problems they might not otherwise see.

No. 2: Add Compliance Elements to Include in the Audit Scope
One way you can work with Internal Audit is to add a couple of compliance-related elements into the Audit scope.  You may need to negotiate with Internal Audit or the finance leaders to do this, but it is well worth the negotiation. Consider adding these compliance elements into the audit scope:

Evaluation of one or two extra randomly selected high-risk receipts.  If your company uses consultants in countries with a high risk for bribery, instruct Internal Audit to review one or two invoices from these consultants to look for red flags.  Or, if your company imports or exports materials, have Internal Audit review several customs invoices and receipts looking for miscellaneous fees or facilitation payments.  These checks on high-risk receipts can be highly effective to help you find problems.


Have Internal Audit ask about the compliance and ethics program of licensees, intermediaries or other high-risk agents.  Internal Audit doesn’t need to comment or instruct about such programs; they can simply report back on whether the intermediary has a formal compliance program or Code of Conduct. This information can help you to prioritize your resources to focus on higher-risk intermediaries that don’t have their own internal resources for handling ethics and compliance issues.


Ask Internal Audit to do a spot-check of expense reports or receipts for gifts and entertainment to see if your gifts and entertainment policies are being followed.  Internal Audit should try to find receipts for gifts or entertainment offered to government officials if they are available, but either way, a spot-check of such receipts or expense reports can prove invaluable to check compliance with your procedures and policies.


Internal Audit can be instructed to check that compliance materials are available and posted where you’ve instructed.  For instance, if you have posters for your Ethics Helpline, Internal Audit’s scope can include a check to see that the poster is up in the local language and readily visible to all employees.  This is an easy way to ensure that your instructions are being followed globally.

No. 3: Have a Post-Audit Catch Up

After the audit is complete, have Internal Audit call you for an informal catch-up.  Ask about the culture in the country or business unit.  Were the salespeople stressed out or under unreasonable sales goals which may lead them to compromise their ethics?  Is there a dictatorial style of management or bullying occurring?  How was morale?
Last year the Institute of Business Ethics published a fascinating white paper on the capacity for Internal Audit to perform checks on culture.  I attended the launch party for the paper in London, and much of the discussion revolved around the observation that many Internal Auditors are uncomfortable trying to quantify culture in a way that could confidently be included in an audit report.  My suggestion is that you bridge this ground by giving Internal Audit space to informally report to you about the culture that they see during their audits so that you can follow up where appropriate and target training or travel to countries and business units which may have problems or issues.

No. 4: Do Audit-Specific Training
In order to best utilize the Audit team, you should arrange special live or webinar training to help Internal Auditors to identify the red flags they are likely to see during their audits.  Instead of performing generic anti-bribery training, talk to the Internal Audit team about red flags, and give them real examples of how other companies have gotten in trouble or share examples of problematic payments you’ve found at your company.  The more information Internal Audit has, the better.  My experience is that good Internal Auditors enjoy the hunt for improper payments, and arming them with the knowledge to find them is a fun experience that you will both enjoy.
Internal Audit can be your best friend.  The men and women in these roles spend more time on the ground than you ever will unless you’re performing an investigation.  You can leverage their time to enhance your program and create a stronger defense against illegal and unethical behavior.   
This post originally appeared on LinkedIn Pulse

Share the blog!

Kristy Grant-Hart

Kristy Grant-Hart

Kristy Grant-Hart is the founder and CEO of Spark Compliance.
She's a renowned expert at transforming compliance departments into in-demand business assets.