Audit
Programs
AuditNet Links
AuditNet Library
Sarbanes-Oxley
Page
AuditNet
Newsletter
Ask
the Auditor
Audit
Jobs
Partner
Discounts
Search the Site
Our
Sponsors
Advertise
Sign
the Guestbook
AuditNet
Home Page
AuditNet®
Addressing Financial Compliance with Policies and Procedures
By Rose Hightower Policy Guru for APPLE
In today’s compliance-focused corporate world of business, the person assigned the task of determining and documenting a company policy on any topic has more to think about then did their predecessor.
In past years, policy advisors could get by with a general description of the line of command for authorization purposes and what should and should not be delegated from a procedure point of view. Policies and procedures were used as documenting the current process and reviewed occasionally, often with a change in senior leadership.
In today’s compliance-conscious environment, policies and procedures are living breathing documents that are referred to and used by internal and external stakeholders. All you have to do is look to the news headlines to see that Policies are front-and-center in board rooms and court rooms alike. Policies (or the lack thereof) have been used as evidence to defend a course of action.
Therefore, the development of a Corporation’s policy and procedure requires research, cross functional validation and approval. Personally, I like to begin with examining the current process, flowcharting it to reveal the various handoffs and control points. In reviewing the process, use process management techniques to strengthen weaknesses and re-engineer break points.
Once you and the other stakeholders and happy with the process, the Corporate policy regarding the process is easier to identify. Policy statements should be a corporate statement of direction often indicating primary responsibility, authority and/or process boundaries. As the policy statement is tested for accuracy and completeness, it is important to ensure compliance with rules and regulations such as U.S. generally accepted accounting principals or Security and Exchange Commission guidance.
Be sure the policy statement and the process are in alignment. For example: You wouldn’t want to describe the process for banking and have a policy statement that indicates who is approved to sign checks.
Finally, ensure that what is written is auditable; that is can be tested or proved to be working. Often what differentiates a good policy and procedure from just an adequate one is that good ones have internal control points built into the process and areas of responsibility. Because of the auditability issue it is advisable to document the current state or the Corporation’s best practice that you want to see widely implemented.
Remember a policy and procedure document is a formal corporate contract between the authoring division and the rest of the company. It is subject to the rules, regulations and audit and legal scrutiny and liability. Protect yourself by taking this job assignment seriously.
