Jeff Foxworthy did a comedy bit called “You might be a redneck if…”
- “…you ever cut your grass and found a car.”
- “…you think the stock market has a fence around it.”
- “…your wife has ever said, ‘Come move this transmission so I can take a bath.’”
Using Foxworthy’s bit, I have developed some “You might not have a compliance program if the Chief Compliance Officer…” (Unfortunately, these are not even remotely funny.)
- …can’t report material unresolved issues to the audit committee.
- …can’t report material compliance plan impediments to the audit committee.
- …annual review is done by someone they occasionally have to investigate.
- …isn’t responsible for all elements of a compliance program.
- …isn’t responsible for all risk areas.
- …can’t investigate something they deem necessary to investigate.
- …doesn’t have access to people or information they need access to.
It is tough to get all these things in place. We are going through a progression. It will improve. But it’s misleading to call someone a Chief Compliance Officer if they are not performing the essential elements of the job. You can’t call something a compliance failure if you fail to have an effective Chief Compliance Officer.
It is no different for Internal Audit. “You might not be an internal auditor if…”
- …your annual review is completed by the people you audit.
- …you don’t have access to the audit committee of the board.
- …you can’t report all unresolvable and material audit findings issues to the board.
- …you can be prevented from accessing people or information necessary to do your job.
[bctt tweet=”@RoySnellSCCE It’s misleading to call someone a Chief #Compliance Officer if they are not performing the essential elements of the job” via=”no”]