Compliance: Best Practices

These Compliance department best practices (sometimes referred to as leading practices) are work methods that are proven to be superior to other, similar methods. Adopt these corporate Compliance and Internal Audit best practices to improve efficiency and work quality.


Financial Compliance

Typical Practice (Bad)

Allow all accounting employees to edit and add items to the general ledger.

Best Practice (Good)

Restrict the making of general ledger (G/L) entries to a single employee (the general ledger account manager) who is accountable for adding and editing all G/L information.

Business Impact: Reduces instances of duplicate entries and late submissions to the general ledger that affect financial reporting accuracy.


Information Technology (IT) Compliance

Typical Practice (Bad)

Provide sensitive information to third-party technology vendors upon request, but only when absolutely required.

Best Practice (Good)

Document any sensitive information that must be provided to third-party technology providers, noting the vendor name, contact information, what information was sent and how the vendor will use the information.

Business Impact: Ensures that the vendor uses the information responsibly, and reduces risk related to possible vendor data leakage or security breach.


Internal Audit

Typical Practice (Bad)

Notify all affected employees of an upcoming internal audit at least three days prior to its start date via email or announcement from management.

Best Practice (Good)

Prior to an internal audit, communicate (via email) the schedule, leadership, scope, objectives and processes involved to all employees who will be a part of the audit.

Business Impact: Allows all affected employees to prepare for the upcoming audit thoroughly and to allocate a certain amount of time to deal with audit activities.


Licensing & Contracting

Typical Practice (Bad)

Sales representatives only meet the minimum number of requirements needed and tend to view further education as a hassle.

Best Practice (Good)

Create stricter requirements for sales representatives to emphasize that they should have more certifications and continue their education in their field.

Business Impact: Increases the number of certified sales representatives while promoting continuous education and overall knowledge about the product.


Policy Creation

Typical Practice (Bad)

Train employees on compliance procedures in large groups, and print and distribute literature on related guidelines and policies.

Best Practice (Good)

When educating employees on compliance procedures, send out mass emails stating the importance of adherence to each policy. Provide factual information on the ramifications of non-compliance, both at the individual and organizational levels.

Business Impact: Increases the likelihood that employees will strictly follow compliance guidelines.


Policy Enforcement

Typical Practice (Bad)

Focus only on internal compliance. Allow business partners to develop and audit their own compliance activities.

Best Practice (Good)

Ensure that all business partners (vendors, clients, venture partners, etc.) are also in compliance with policies, industry regulations and federal and state laws.

Business Impact: Reduces risk and expense related to non-compliance by business partners. Recent legislation, such as the Gramm-Leach-Bliley Act, requires financial institutions to ensure that business partners take similar security measures.


Regulatory Reporting

Typical Practice (Bad)

Export general ledger data into an Excel spreadsheet to compile data for regulatory reports.

Best Practice (Good)

Regulatory reporting software should interface directly with the general ledger system.

Business Impact: Reduces the amount of manual work in the reporting process, which drastically reduces reporting cycle time and improves report accuracy.