3 Tips to Help Organizations Come Out on Top
“Compliance audit” is one of the last things a financial advisory firm hopes to hear, but it’s an inevitable, unavoidable fact of life for most. Fortunately, there are steps financial advisory firms can take to mitigate the requisite time and work of an audit, while paving the way to a successful outcome. Nuance’s Stacy Leidwinger discusses.
The words “compliance audit” tend to strike fear and anxiety in even the most reputable, meticulously run businesses. The reason is simple: compliance audits are viewed as unwelcome intrusions that detract from more strategic ends, all while absorbing an unsavory amount of time and resources. According to recent statistics, a typical financial audit today costs at least $10,000, and that figure is expected to rise.
A proactive focus on document management and document-based business processes – particularly the implementation of digital workflows – can help decrease the unnecessary time and pain associated with an audit. While organizations across industries face different types of documentation requirements in demonstrating compliance, here are three universal strategies that can help organizations navigate an audit more smoothly and increase their chances of passing with flying colors.
1. Document, Document and Document Some More
The ability to minimize the time and cost of an audit depends, in large part, on the condition of books and records. It is vital for organizations to cultivate a culture that prioritizes accurate, real-time documentation across key departments and employees.
Audits such as GAAP in the financial sector have traditionally focused on an organization’s bills and receipts, but the recent rise in remote and mobile workers has resulted in business expenses emerging as an area of scrutiny. Workers must understand the importance of diligently recording and submitting expenses, but this tends to be an unpopular assignment. Fortunately, smartphones have enabled a whole new set of efficiencies, and tools like mobile capture can make recording an expense as easy as snapping a photo and routing it to its proper online destination through a pre-defined workflow.
Additionally, when it comes to transactions that may be perceived as unusual, workers should be extra diligent in saving all documentation so it is on-hand and readily available. If an organization is working with an independent auditor, it should even consider relaying the transaction and associated documentation proactively and in real time, even if outside the parameters of an audit.
2. Facilitate Retrieval
During the fieldwork phase of an audit – the phase when an audit team is physically on site performing their work – organizations can expect to be asked for a lot of documentation, some of which may seem a bit arcane or random. For example, one of the most common errors discovered in GAAP audits is organizations reporting monthly rent expenses 12 times, even though they may have received an incentive for signing a lease, like the first month or last month rent-free. For these reasons, it is not uncommon for auditors to request extensive lease documentation.
The burden of producing documentation is a primary factor leading to higher audit time frames and auditor fees. It therefore behooves organizations to ensure their documents are easy to locate, which can be a much more formidable challenge when these are largely paper-based and scattered across the enterprise. It is easier to find an electronic file (through document search term functionality) than it is to find a paper buried deep in a back-closet file cabinet.
The first step in making documents more readily discoverable is to convert them to electronic format and then store them in easily accessible online files. Some organizations, particularly in the financial services sector, may have so much paperwork on hand that they don’t know where to start. Fortunately, recent advances enable digitization of paper-based documents in bulk with minimal user intervention. If paper has been accumulating for many years, a good rule of thumb is to begin by digitizing documents that are a year old or less, and if time allows, three years or less.
Once the organization has standardized on digital documents (as much as possible), the next step is to establish digital workflows that replace paper-based workflows and allow documents to be accurately routed to their proper online file destinations. Advances like artificial intelligence (AI) reduce the amount of human intervention required through the ability to identify and classify documents according to type – for example, identifying terms like “accounts receivable” and automatically categorizing such documents as customer payments.
3. Demonstrate Document Security Safeguards
Validating security of sensitive information is a cornerstone of many forms of compliance audits, including HIPAA and GDPR. Enhanced security is just one more reason why paper-based documents should be converted to digital. In addition to being easier to locate, digital documents containing sensitive information are inherently more secure since they’re less prone to being lost or misplaced and inadvertently exposed to “prying eyes.”
Any digital documents containing sensitive data should be password-protected or maintained in an appropriately restricted network location. But even with these measures in place, lapses can still occur – digital documents can be accidentally emailed to the wrong recipient or saved in a folder accessible to unauthorized employees.
To address these risks, organizations can apply additional security measures like leveraging AI to recognize sensitive information (such as social security numbers) and then applying encryption or redaction to ensure sensitive data is protected, even if it falls into the wrong hands.
Generally, replacing manual processes with automated, standardized processes can reduce security risks while also making it easier to demonstrate and ensure compliance. Basic human error occurs more frequently than one might think, especially in this age where workers are moving much more quickly. Auditors often randomly survey processes to ensure there are no breaks in compliance, and the prevalence of breaks is often inversely proportionate to the level of automated security measures in place.
Conclusion: Always Be Prepared
Compliance audits for most organizations are not a matter of “if,” but “when.” Increased scrutiny of issues – ranging from individual privacy protection to environmental regulations to technology licensing and financial transparency – are making compliance audits of all types a more common occurrence. Some organizations (like the IRS) now even augment full-scale audits with more routine compliance checks that may be a bit less rigorous, though they still require a degree of preparation. Furthermore, it seems that new compliance requirements are always being added, while few (if any) are eliminated.
In the world of compliance audits, the old adage “an ounce of prevention is worth a pound of cure” is fitting. While organizations may never be able to fully avoid the legwork or inconveniences of an audit, proactive measures targeted squarely at business documents can go a long way to shorten the discomfort and time taken away from more strategic business imperatives.