Ethics Whisperer

Monday, February 16, 2015

4 Myths about Compliance Program Assessment

The first myth about compliance program assessment is that it is an optional part of an effective compliance program. The same sentence in the Sentencing Guidelines that mandates a hotline also mandates compliance program assessment. And, even if program assessment were not mandatory, it is would be incumbent on your organization to undertake assessment. Organizations measure what is important to them.  If there is no call for compliance program assessment in your organization, your compliance program is not as important as it should be.

The second myth about compliance program assessment is that an internally conducted assessment is as good as an externally conducted assessment. Internally conducted program assessments are good and they are useful. But they are also conflicted. It is a rule in audit - and should be a rule in compliance - that you don't audit your own work. Both compliance and internal audit are part of the control environment of the organization and both need to be periodically assessed externally. This need not be an annual activity but there should be a fixed schedule such as every 3 or 5 years.

The third myth is that it is risky to have an external program assessment since it may turn out negatively. It is true that an assessment that turns out positively is more protective than one that indicates a flawed compliance program. But we have seen more than one case in which a negative assessment, when paired with a detailed plan of remediation, has forestalled a CIA or other enforcement action. Why? The fact that you conducted and acted on a program assessment indicates that your organization takes its compliance program seriously and will remedy weaknesses without prodding from the outside.

A final myth about compliance program assessment is that everyone uses the same standards. While this may seem to be the case, different consultants interpret the relevant external standards in widely different ways. The standards to be used in your assessment should be fully disclosed before you choose an assessor. A good assessment also includes bench marking. Boards and senior executives are often indifferent to consultants’ opinions. But they are interested in real information about how your organization stacks up against other like organizations. For more information visit


Post a Comment

Subscribe to Post Comments [Atom]

<< Home