
Compliance and Internal Audit: A Dynamic Partnership for Strong Governance

February 9, 2026

Contributors: Kristy Clark, CPA, CIA

Compliance and internal audit are two closely related but distinct functions that work collaboratively to support a financial institution’s internal controls and risk management. To fulfill their oversight role, board members should be familiar with the two functions’ roles and responsibilities and how they interact to support effective corporate governance.

For example, compliance professionals ask, “Are we following rules and controls, as well as meeting regulatory requirements?” whereas internal audit asks, “Are the rules and controls effective, and are we managing risks effectively?” 

Here’s a deeper look at the two functions’ similarities and differences:

Different Approaches with a Similar Goal 

Compliance professionals monitor day-to-day processes, procedures, and documents to determine if regulatory requirements are being met. An effective compliance function identifies, sets, and adjusts policies and procedures, resulting in fewer findings during a formal audit or regulatory examination. 

An independent internal audit function has no involvement in developing or executing programs but examines transactions and activity logs based on risk to determine effectiveness and/or accuracy of financial and non-financial processes and internal controls. Examinations may include business continuity plans, compliance programs, credit practices, IT and cybersecurity, financial reporting, and third-party risk management activities.   

Internal audit and compliance should collaborate closely to create a unified approach to risk management. When these two functions coordinate their efforts, they streamline processes, minimize redundant activities, and prevent organizational silos that could hinder effective data collection and risk tracking. This partnership helps optimize resources, ensuring strong corporate governance, robust ethical standards, effective internal controls, and enhanced fraud prevention. Their joint efforts support a comprehensive compliance and risk oversight framework, making it easier to identify and address potential issues proactively.

Your Takeaway 

The board plays a crucial role in risk management by providing oversight and strategic direction to ensure that risks are properly identified, assessed, and mitigated. Board members are responsible for setting the organization’s risk appetite, reviewing risk management policies, and monitoring the effectiveness of internal controls and compliance programs. They collaborate closely with audit and compliance professionals, ensuring that critical issues are escalated and addressed by management, and that corrective actions are implemented in a timely manner.  

To learn more about the dynamic relationship between compliance and internal audit, and to maximize your role as a knowledgeable and engaged board member, contact your Rehmann advisor or Kristy Clark, CPA, CIA, at [email protected] or 248.952.5000.