Guidelines for Auditing Ethics and Compliance Programs

Written by Steven Randall, Partner, Vonya Global

Auditing ethics and compliance programs ensures that an organization “walks the walk.” This is the way any business can safeguard itself against fraud by seeing that the practices that exist in its daily operations match up with the procedures it espouses in its policies and code of conduct.

Neglecting internal audit’s role is risky. In the post-Enron era, all organizations should be aware that clashes between official ethics statements and employee behaviors can lead to disaster. Furthermore, the United States Sentencing Commission modified the Federal Sentencing Guidelines for organizations in 2010; these changes include the provisions concerning effective ethics and compliance programs. The eyes of the public and the government are on organizations. Having internal audit review the ethics and compliance programs will ensure that the ethical house is in order.

Furthermore, businesses that don’t conduct ethics audits also risk losing the faith of their employees. Declining morale follows, and that is an even more dangerous situation. It opens the potential for fraud and other forms of ethical risk. No one wants to conduct business with an organization in that position.

Set the stage for effective audits

Effective audits demand a well-trained team with diverse skill sets. The team must also possess a clear definition of both ethical behavior and standards for compliance; ethics and compliance are not the same. Remember that ethics are about behavioral standards while compliance is about following the law. While there often is considerable overlap, they are not exactly the same.

In practice, this distinction plays out frequently in companies that operate in multiple countries. For example, say you have a branch in a country that does not regulate child labor. You may well be in compliance even if you employ children in hard labor at that branch. However, it would probably behoove your organization to take a stronger ethical stance and refuse to do that. (This will, no doubt, save your company from bad publicity at a minimum.)

Best Practices for Auditing Ethics and Compliance Programs

Policies Matter

Ensure you have the best possible policies in place before you begin. As your team conducts an ethics audit, they compare your policies as the ideal to the actual behavior of your employees. Make sure you’ve provided them with guidance that is in fact ideal, and that is as detailed and specific as possible. It benefits them, and it allows your auditing team to make better comparisons.

Dream Team

Your auditing team must be cross-functional and highly skilled. At least one team member should be an HR professional, and at least one must have some familiarity with the targets of the audit. Ideally your team will also have a legal specialist and an ethics specialist.

By the Numbers

Create metrics for your team to use. Your audit should be as quantitative as possible. Ethics audits will never be as quantitative as financial audits, but they do work best with tangible metrics. One way to implement this across the board is by making ethics goals a part of your annual performance reviews. You can also connect ethical behavior to compensation goals.

Lean and Mean

Ensure your team audits efficiently and minimizes disruption of normal operations. Do not “double up” on audits and combine ethics audits with internal audits from other departments. Warn all impacted employees in advance, provide schedules, and make sure there are no surprises for anyone.

Talk Them Through It

Communication is key to effective auditing. Respond consistently to all inquiries. Respond to all ethics violations with discipline that consistently follows your company procedures, codes of conduct, and policies, every single time. Use anonymized examples of ethics violations for ethics trainings to prevent the same problems from recurring.

The Bottom Line

Effective auditing does more than protect your company. It offers opportunities for modeling ethical behavior and creating trust with employees. It also allows you to inspire confidence in clients. Auditing ethics and compliance programs is smart business. Failure to do it is a risk no one can afford.


This blog post was authored by Steven Randall. Steve is a Managing Partner with Vonya Global, a premier provider of internal audit co-sourcing, outsourcing, and consulting services; a member of the Institute of Internal Auditors (IIA) Chicago Chapter Board of Governors; a Director of the Adler-Caris Foundation, a not-for-profit dedicated to raising funds for Alzheimer’s Disease research; the President of the Oz Park Baseball Association, a not-for-profit organization dedicated to providing fundamentals-based baseball in a safe environment in the city of Chicago; and an Advisory Board Member of the Chicago Youth Baseball Initiative, a University of Illinois at Chicago community group dedicated to providing Chicago youth with the opportunity to play baseball in a fun and safe environment, while offering educational experiences on a world-class college campus. Steve was recently named The Institute of Internal Auditors’ Chicago Chapter’s New Member of the Year. If you would like more information about Vonya Global or if you have a question for Steve, you may contact him through this blog, the company website, Twitter, or his LinkedIn Profile.