As a collection agency, your compliance team has likely already worked long and hard to ensure that you follow all of the laws, rules, and regulations regarding how you do business. From protecting important client information to complying with the plethora of state-specific laws and preventing a cyberattack, you know exactly what rules you’re playing by. But when it comes to creating an audit strategy that truly reveals your company’s strengths and weaknesses, do you know what to do?
To help you make the most of your internal compliance audit, we’ve put together this two-part series. In this first half, we discuss the process of compiling a master list of rules and regulations and creating an audit strategy to reflect your success. In the second half, we discuss performing the audit and effectively implementing the results of your findings.
Creating a Master Compliance Database
The first step to making an audit plan is figuring out which rules your company must follow. You likely already know all of this, but putting it all together in one master database is the key to creating an effective auditing strategy.
In an Excel spreadsheet, create a list of the state and federal rules and regulations that apply to your company. Once complete, add your company’s work standards, including all rules about access to data, customer service standards, vendor management, client requirements, etc.
Once you’ve compiled the rules and requirements, attach the proof of how your company complies with each of them in the form of the applicable policies and procedures as well as evidence that you’re adhering to them. This list will serve as a master database for compliance and will be integral to creating your audit plan and assist you in passing external audits in an organized and efficient manner, which external auditors love. There’s no better feeling than turning an anticipated two- to three-day on-site audit into a one-day audit because you’re organized and transparent.
Planning the Internal Compliance Audit
After you’ve created your master compliance database, go through the list and create an internal audit strategy. You want to consider how you can grade each item in your database. Some will be an easy yes or no. For example if the question is, did the employee identify the company they work for within the first 10 seconds of the call? The answer is a simple yes or no. If, however, the question is about who has access to the customer information database, you may need a more subjective approach.
The goal of this step is determining whether you’re failing or passing when it comes to following each item in your master compliance database. So be sure to break up the rules, regulations, and work standards by type so it’s easier to perform the audit.
Also plan to break up the work between the departments and have each person report back to the person in charge of the audit. Steps to consider include employee interviews, documentation audits, and a process review.
Remember that the purpose of the audit isn’t to point fingers or place blame but to ensure that your company’s processes and systems are working effectively so they’re profitable and follow all of the rules. When it comes down to it, it’s more profitable to be self-regulating and ensure compliance on your own than it is to go through an external audit after realizing that you’ve unintentionally broken a rule.
Stay Tuned for More
Next week on the DialConnection blog, we’ll go into the second part of this two-part series. We’ll discuss effective strategies for performing your audit and how to use the results of your audit as a springboard for positive change.
Leave a Reply