Case Study: Compliance Audit Services Supporting Regulatory Assurance and Governance Strengthening

Background on Case Study Compliance Audit Services

One of the financial services firms operating in Singapore was regulated and was experiencing a stage of operational growth, such as new products, improved digital processes, and greater client activity. As the organisation expanded the top management realised the need to independently determine whether the current policies, procedures and controls were compliant with the regulatory requirements and the organisational standards.

Although compliance obligations were incorporated in the operations of the business, the management wanted to know more that regulatory obligations were being properly followed throughout in the organisation. Specifically, the company desired a clear evaluation of its compliance system in regards to the changing regulatory demands and internal control governance standards.

In order to improve this goal, the company hired our Compliance Audit Services to provide a systematic and independent audit of its compliance environment.

Issues and Challenges

There were a number of challenges that the organisation experienced that demanded a compliance audit.

One of the challenges was poor visibility of compliance effectiveness. Despite the existence of policies and procedures, the management did not have an independent assurance on whether the controls were being applied in the intended manner or not.

Other issues were regulatory complexity. The company was also exposed to several regulatory demands that included licensing terms, AML/CFT, terms of conduct, and terms of operations. It became more difficult to have consistent implementation between business units.

The risk was also brought about through operational growth. New systems and processes were introduced at a high rate, which raised the chances of introduction of control gaps or inconsistencies that could not be realized instantly by the management.

Governance and accountability were other factors that caused complexity. When it comes to compliance roles and responsibility, there were also instances where they were not well-written or comprehended across teams, which posed the danger of lost oversight.

Lastly, the management tried to enhance regulatory preparedness. Proactively discovering and fixing compliance gaps by having an internal audit-style review was considered as one of the methods to minimise supervisory risk and increase organisational discipline.

Objectives

The main aim of engagement was to ensure the management of the company its effectiveness on its compliance framework.

Particularly, the organisation was interested in:

• Examine comparability between the regulatory regulations and internal policies.
• Assess the design and execution of the major compliance controls.
• Determine gaps, inconsistencies or points of improvement.
• Enhance the systems of governance and accountability.
• Increase readiness of regulatory reviews, or supervisory interaction.

The compliance audit was to be constructive, risk-based and practical.

How We Helped

We used a risk-based and structured compliance auditing which was in line with the regulatory profile, business and complexity of operation of the organisation.

We started by a scoping and planning process. We collaborated with the management to establish relevant regulatory requirements, the risk areas, and audit priorities. This guaranteed that the audit centred on the areas in which there were greatest regulatory and operational concerns.

We made a thorough review of the compliance framework. This involved the evaluation of the policies, procedures, governance arrangements and reporting structures in relation to regulatory expectations and industry best practices.

Fieldwork entailed the process of testing implementation of the chosen controls by reviewing documents, conducting walkthroughs and conducting focused interviews with key personnel. This assisted in evaluating the policies on whether they were converted into day to day operations effectively.

Governance and oversight was one of the areas the audit was keen on. Role definitions, escalation processes, and management reporting were the areas reviewed to assess the clarity of compliance responsibility assignment and the proper monitoring.

The management of regulatory change within the organisation was also evaluated, looking at how the regulatory changes were detected, evaluated, and implemented into the internal structures.

During the engagement, we had open communications with the management to explain observations, confirm knowledge, and verify facts.

Value Delivered

This case study shows that Compliance Audit Services could be valuable in the provision of regulatory assurance and governance strengthening.

The engagement assisted the management in having a better understanding of the effectiveness of its compliance framework, as well as the areas that need additional focus, through an independent and structured review. Internal accountability and compliance awareness was also enhanced in the organisation through the audit process.

The audit compliance framework used in this engagement gave a sound framework on continuous compliance monitoring, internal control improvement and regulatory preparedness.