There are two basic tools in the continuous improvement cycle for any best practices compliance program. They are monitoring and auditing, but they can be misunderstood due to some basic differences.
Monitoring is a commitment to reviewing and detecting compliance variances in real time and then reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis across a wide spectrum of data and information.
Auditing is a more limited review that targets a specific business component, region, or market sector during a specific timeframe to uncover and/or evaluate certain risks, particularly as seen in financial records. You should not assume that because your company conducts audits, however, that it is effectively monitoring. A robust program should include separate functions for auditing and monitoring.
Although unique in their respective protocols, the two functions are related and can operate in tandem. For example, monitoring activities can sometimes lead to audits, if for instance, you notice a trend of suspicious payments in recent monitoring reports from Indonesia, it may be time to conduct an audit of those operations to further investigate the issue.
Your company should establish a regular monitoring system to spot issues and address them. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should be checking in routinely with local finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries in which they manage. These ongoing efforts demonstrate that your company is serious about compliance.