Joe Murphy – Compliance & Ethics Professional – May 2018
As part of another recent project, the question came up, “What does it mean to do monitoring in a compliance program?” Under the Sentencing Guidelines, we are supposed to engage in “monitoring and auditing to detect criminal conduct.” So starting with basic logic, if it says “monitoring and auditing,” then they must mean something different.
If you research what “auditing” means, you will find plenty. But “monitoring”? Not so much.
Here are some basics. Auditing is retrospective in nature. You are looking back at what happened before to determine if the rules were followed and if people did the right thing. The term “audit” may be a very technical term with defined meanings in the accounting profession, but it is also used generally in the compliance and ethics field to cover a range of checking. One of the core aspects of auditing is the need for some degree of independence. Someone engaged in auditing should not be reviewing their own work. The person conducting the audit should not have an interest in what is being audited.
In contrast, monitoring generally refers to real-time reviews. Rather than looking back at what happened, one is observing activities as they happen. Although someone conducting monitoring may be independent, it is less of an expectation than is the case for auditing.
What would be examples of monitoring? This is a function that can be performed by line management. The sales supervisor may ride along with a sales person to observe how they perform. The supervisor may offer coaching on sales techniques to help the person improve. But at the same time, the supervisor should be watching for any red flags or questionable conduct.
If supervisor monitoring is to serve a compliance function, then there are steps that should be taken. Supervisors need training to spot red flags; they should know to contact their Legal department immediately at the first sign of trouble. Supervisors should also have this compliance monitoring function as part of their job descriptions and as a key part of their appraisals and incentives.
Monitoring is also a function of company lawyers and compliance people. When they sit in on business meetings, when they talk with fellow employees, and when they listen to employees in training sessions, they are also performing a monitoring function.
Of course in the age of big data, we also need to consider electronic reviews. It is possible to do automatic monitoring of company numbers and employee language. A company’s data system may detect number patterns or email language that constitute red flags.
So the next time you wander the floors, chatting with employees, and your boss asks what you are doing, just tell her you are engaged in the important function of compliance monitoring!