CFO Perspective: Presenting Regulatory Compliance to Your Audit Committee

By Mark Kissman, CFO, Pathlock Technologies

The Audit Committee plays a critical role in reviewing an organization’s strategy for achieving

compliance with accounting regulations and standards and the resulting internal controls over financial reporting. However, they are increasingly getting involved in the oversight of risks related to industry and workplace regulations on the business. Key findings from a recent KPMG Audit Committee survey showed that the majority of audit committee respondents pointed to government regulation and legal/regulatory compliance as risks posing the greatest challenges for their companies.

As the primary executive that interacts with the Audit Committee, we are in a unique position to help them get the information needed to gain a comprehensive understanding of how the company is managing regulatory requirements across the organization.  We should be able to help them answer: Who is accountable for achieving and maintaining compliance? How do we monitor the controls taking place? What impact do regulatory changes have on our internal policies? How do we prove compliance?

One effective element to accomplish this is to provide the Audit Committee with a single view of compliance data and activities. High level reports could include:

• A list of regulations relevant to the business and the impact they have
•  Any gaps in existing controls and plan to close those gaps
• Tracking of regulatory and business changes and status of addressing those changes
• Results of control testing and monitoring and remediation activities

By providing this information you’ll go a long way in helping the Audit Committee focus on areas that need their attention.

As always, automation is the key to timely and consistent reporting. Automating controls will enable you and the officers responsible for compliance (General Counsel, CIO, CISO, etc.) to centralize the disparate landscape of regulatory requirements, facilitate collaborative decision-making processes between stakeholders, and integrate operational and internal controls processes so that compliance becomes a byproduct of controls best practices. You’ll then be able to demonstrate to the Audit Committee how the company can confidently assess and respond to regulatory changes, accelerate compliance with new and changing mandates, and expand controls automation across systems.