Photo by alessia cocconi on Unsplash
3 Steps to Nail Your Next Audit
BY Leila Shaver
GUEST CONTRIBUTOR
Compliance audits are incredibly stressful and being unprepared can make things worse. In my last post, I walked through some of the basics of the audit process and the common mistakes to avoid, so what’s next? Putting together a complete plan that not only prepares your firm pre-audit, but during and afterwards as well.
Taking the time to create a comprehensive audit plan will go a long way toward making the process a lot more painless. Here are some major steps to take:
1. Train your compliance team
Even if your compliance team is just a couple of people — or one person pulling double duty on top of their normal role — firms need to make routine compliance training a priority. There is a ton of ground to cover, and regulatory bodies release new updates all the time. Build compliance training into the onboarding process and set some benchmarks to understand where your knowledge gaps are. Not only will you be less likely to violate industry standards and regulations, but your team will be better prepared to respond to an audit notification.
Be sure to look for ways to use regulatory technology (RegTech) to help out your compliance team, as well. A dedicated RegTech platform is able to track your compliance requirements and send out alerts when a deadline is approaching. Larger firms that manage multiple branch offices in different locations can also use these solutions to keep an eye on compliance demands across the board and make sure that nothing slips through the cracks.
2. Create a detailed audit plan
When the day of your in-person audit finally arrives, you should have a complete playbook guiding you through the process. Anticipate what questions examiners will ask and have your responses ready to go. Consider what follow-up questions they might have and come up with answers to those as well. Dot every ‘i’ and cross every ‘t’ — no detail is too small to address.
For instance:
- Who will greet the auditors when they arrive?
- What parts of the office will be visible or available to the auditors?
- Who will be your main point of contact during the audit?
- Who needs to be in the room to answer billing, reporting or technical questions?
It’s also a good idea to print out a copy of the document request list and have it handy during the audit. That way, you can refer back to your prepared responses and avoid misspeaking or giving more information than necessary.
3. Prioritize your deficiency letter
Assuming the audit turns up some problem (and they almost always do), auditors will send a deficiency letter detailing those issues and any deadlines by which to fix them. In more extreme cases, auditors might schedule another in-person assessment to check the firm’s progress.
Don’t wait to address those issues. Be proactive and fix them as soon as possible. Also, be sure to fully document whatever remediation steps you’ve taken and share that information with the examiner. You can head off any follow-up action and show auditors that you’re taking the necessary steps to correct whatever problems they spotted. The last thing you want to happen is for the same issues to reappear during another audit, landing your firm in even more trouble. If you think a compliance audit is bad, just wait until you get a visit from the SEC’s regional enforcement team.
Make no mistake: Compliance audits are stressful and difficult to manage. With a little preparation, though, you can make the process go a whole lot smoother. So, take the time to prioritize compliance demands and create a standard response plan. Your future self will thank you for it.