|
||
 |
||
Four Secrets to Passing Any Business Audit |
||
|
||
 |
||
All companies have audit concerns. Public and some private companies deal with Sarbanes-Oxley financial and accounting disclosure rules; companies that take credit cards must comply with Payment Card Industry (PCI) data security standards; health care organizations deal with the Health Insurance Portability and Accountability Act (HIPAA); and we all deal with income taxes. But what if you could get yourself into a position where any given auditor was of no concern, where passing an audit was pretty much guaranteed? Below are four secrets to passing any audit, any time. 1. Know Your Compliance Landscape Understanding compliance obligations sounds simple but often is overlooked, especially in small businesses. Small companies usually are more interested in growing revenues than organizing for compliance. But overlooking compliance can really come back to bite you. Imagine getting audited for taxes, only to find out that you owe an amount equal to one year's payroll? That's no fun, so be smart about it. Organize compliance from the top down by integrating it into your corporate strategy. Take a holistic view and ask yourself which regulations and contracts require compliance, and then make a comprehensive list. Under the regulatory category, ask yourself which laws (local, state and federal) apply to your organization. Tax law applies to everybody, while employment law applies to most. Keep going until you've exhausted all the regulatory laws, perhaps enlisting the aid of a compliance expert to make sure all your bases are covered. Under the contractual category, ask yourself which contracts that are in place are subject to an audit. If you do business with the government, you will have a General Services Administration (GSA) contract, which also can be audited. If you have partners to whom you pay royalties, for example, that is yet another type of contractual obligation. 2. Get Organized Now that you have a list together, get all of your requirements together and start putting your compliance program in place. Your total compliance program will include three things: processes, people and data systems. The three work together to support each other. Map out your business processes. You should do this anyway to make sure you have control over your company, but do not turn this into a big deal.You can waste a lot of time trying to do elaborate process maps. Just get the basic process down on paper so you have a framework to deal with; you can always improve it later. Next, look at your compliance points and try to see where they fit into your process. The big picture looks like this: All companies have business objectives; inherent with accomplishing your business objectives are risks, or uncertainty of what may happen; and risks with a negative impact to some stakeholder (not necessarily your company) need to be controlled, which is why we have compliance. For example, the business objective of a restaurant is to make money. They do this by preparing food and serving it to customers. One risk in achieving that objective is the possibility of serving bad food that makes customers sick. To get this risk under control, health inspectors routinely come by to inspect the facilities. They look for things such as fresh food and clean appliances to help keep this risk under control. After evaluating compliance points in the context of processes, make sure your data systems can support your compliance objective. This can be as easy as a few spreadsheets or as elaborate as deploying a full compliance data system. Design your data systems in a way that fully support your audit function. You probably already have data systems that support your business processes, but that's not good enough. Do not try to leverage these, but instead build systems specific to the specific audit function. Finally, you must engage your people. Make sure they understand the importance of the compliance activities and educate them on how to use your compliance processes and data systems. Monitor your people routinely to make sure they are empowered to succeed. 3. Write Your Own Test It's hard to fail a test if you know all the answers. Design your own system of testing your compliance by leveraging your processes, data systems and people. Have a key audit function within the company that organizes these tests, executes them, archives the results and drives improvements back to your compliance program. You will know ahead of time where your strengths and vulnerabilities are at any given point. This is powerful information when the time comes for the real audit. 4. Make Sure You Control the Audit Most people don't know that they can take control of the audit, but it is absolutely true. If you've written your own test and know all the answers, and you control the audit process, how can you possibly fail? Be more prepared than the auditor. By following the other secrets, you're in good shape. Have your test plans in place and know your strengths and weaknesses ahead of time. Disarm the auditor immediately by indicating that you're happy they showed up and excited about the audit. Most auditors are not expecting this type of reaction. Try to position yourself as a partner and not an adversary. Most of the time you will have some notice that the audit is coming. But even if it's a surprise, set the parameters up front. Prevention over intervention is always the best policy. At the initial meeting, let the auditor know that you have a process for keeping things in control that you would like to share with them. Don't allow them the opportunity to just start poking around randomly. Always give them options to explore and make sure they correspond to your company's strengths. For instance, if you know your account receivable, cash and payables are in good shape, you could suggest the auditor examine one or all of those items. Have your data systems set up for amazing responses to the questions you lead the auditor into. After the first few times, the auditor will realize that you are well organized, and will almost always be anticipating a passing grade. An audit does not need to be a scary thing. There are ways to make sure you are never caught off guard and rarely fail. The masters of passing audits know these four key secrets: know your compliance landscape, get organized, write your own test and control the audit. Now you can be a master of the audit, too. Start today by taking an inventory of all your compliance obligations.
|
||
| ... browse more free articles | ||