(Note - this post is written for compliance officers by Spark Compliance Consulting's CEO, Kristy Grant-Hart)
Do you need a compliance program evaluation? And if so, should it be done by an outside party? It can be scary to allow an outsider to perform an assessment. I know this first hand – when I was in-house, I remember being deeply uncomfortable when we brought in the evaluators. Would the assessor say my program was terrible, which would embarrass me or make me look bad? Would they say everything was great, when I knew there were unresolved problems, and then management wouldn’t hear my requests for more resources? Was it worth subjecting myself and the program to a review?
The short answer is yes: it was not only worth it, but my program benefitted for years to come. Here are four reasons why that’s true:
No. 1: Program Evaluations are Expected Under Regulatory Guidelines
Make no mistake, the Federal Sentencing Guidelines say that companies need to “evaluate periodically the effectiveness of the organization's compliance and ethics program.” Likewise, ISO 37001 requires auditing of the anti-bribery program on a regular basis. Obtaining and maintaining certification requires it.
There’s good reason regulators expect program reviews: you can’t improve without them. Why is it critical to have an external reviewer? Because…
No. 2: You Can’t Effectively Audit Your Own Work