Monitor and audit compliance measures

Table of Contents

 

On this page:

What this means

Monitoring and auditing are tools to check for possible risky or illegal activity and to help you determine if your compliance program actually works in practice.

Monitoring is carried out proactively and in real time. Auditing is done after events and activities have happened. Through monitoring and auditing, you can check whether your people are following your compliance policies, procedures and internal controls.

If you find any instances where the law might have been broken, do an internal investigation. Your investigation can help you decide what to do next.

A small reminder on what makes a compliance program credible and effective

Your compliance program needs to be credible and effective to truly help you.

To be credible, your program must at a minimum show your business’ genuine commitment to obeying the law and competing fairly.

To be effective, your program must inform all your people, and those acting for your organization, that compliance is important. It must inform them of their legal duties and your internal compliance measures. It should also give you the tools to prevent and detect misconduct.

Your program should be reasonably designed, implemented and enforced in the circumstances. This means that it addresses your organization’s risks within your resources and in light of your business activities.

Why it matters

Monitoring your program and auditing compliance are ways to find out if your program works in practice, for instance, whether your program was helpful in preventing illegal activity in a challenging situation.

If you make it known within the organization that you monitor and audit, you can deter or discourage risky behaviour or potentially illegal activity. Monitoring and auditing are fundamental to any credible and effective compliance program.

If you’re a small business...

Businesses of all sizes should monitor and audit compliance with the law. The process doesn’t need to be complex or costly. Smaller teams can more easily monitor compliance efforts and audit compliance. For monitoring, for example, a manager could “ride along” with a salesperson to see what they do on sales calls. Auditing could include having a manager check out expense reports from employees in at-risk roles to see if there was contact with competitors.

Use this guidance to prepare monitoring and auditing systems that are tailored to your size and your risks.

How you can monitor and audit effectively

Your compliance program should help you prevent, detect, report and resolve unlawful conduct.

A credible and effective compliance program should have monitoring and auditing systems that enable your organization to:

  • manage your business effectively
  • identify emerging risks
  • deter and detect misconduct
  • improve how you train and communicate with your people
  • hold individuals accountable for their actions
  • identify and fix weaknesses in your program
  • determine the program’s overall success

Monitoring and auditing activities should be coordinated by the compliance officer. The compliance officer and team should be allowed to:

  • thoroughly inspect the implementation of the compliance policies, procedures and controls
  • have unrestricted access to all records, data, locations and personnel
  • conduct a detailed, professional internal investigation of compliance issues
  • take necessary steps to stop ongoing misconduct and prevent future problems

Senior management should support the compliance officer in these duties. They should ensure the compliance officer has enough resources to effectively monitor and audit.

Everyone in your organization should cooperate with the compliance officer and their team by providing necessary information and access to people, records and systems.

Tips for monitoring and auditing

  • Monitor and audit on an ongoing basis, including reviewing and updating your policies and procedures to cover key risk areas for your business
  • You should determine the frequency of monitoring based on your particular business operations and risks
  • Conduct occasional checks — both planned and unannounced — to audit compliance, including reviews of paper or electronic files
  • Use data analysis to look for unusual patterns in pricing, market share, and sales figures
  • The results from data analysis can help you determine which people to interview in an internal investigation
  • Auditing should be done when any risky or illegal activity is suspected
  • When illegal activity is discovered, act quickly and cooperate with the Competition Bureau fully
  • Document all compliance monitoring and auditing efforts thoroughly as these efforts could support a due diligence defence in relation to certain types of deceptive marketing practices

If you’re a small business...

Data analysis for a smaller business could simply mean looking at your numbers from the perspective of compliance and potential risk, rather than just for profit and loss. For example, you might see a pattern where all your sales are in only one part of a region. This could point to a potentially illegal market allocation scheme. That is, an agreement between competitors to divide up a market, customers or territory.

DISCLAIMER: Because every situation presents unique facts, the information set out herein is provided for general information only. This content is not a substitute for legal advice, nor is it a binding statement of the Commissioner of Competition’s position on the requirements or efficacy of any particular compliance program. Indeed, there is no one-size-fits-all approach when it comes to achieving credible and effective compliance.

We’d like your feedback on this page! You can provide input on how we can improve by visiting our consultation page