Consistent Communication Key to Company Compliance


With controllers, internal audit, management, external auditors and the audit committee playing roles in a company’s compliance and risk management frameworks, constant communication among all parties is key to reducing risk and effective compliance.

“We’ve found that with our auditors, the sooner we can bring them into a potential matter that we’re working through, the better it is to get to a quicker resolution,” said Linda Zukaukas, Executive Vice President and Corporate Controller of American Express.

“Oftentimes, there will be instances where it’s not just the engagement team that we’re dealing with that we’ll need to be consulting,” Zukaukas said. “They might need to consult others on the broader team, or even on occasion take matters to the national office or other advisors, and these things can take time. We’ve found that it’s best just to formulate our views, and then to engage in dialogue with the auditors, at a pretty early stage.”

Similalry, John Rhodes, a Deloitte partner, said consistent communication is key to an efficient audit and to reducing last-minute surprises from complex accounting issues.

“For the highest quality of reporting and auditing, establishing a regular cadence and protocol for interaction is very helpful,” Rhodes said. “Certainly, it enhances the quality of our audit...It’s really helpful to have frequent discussions where the senior members of the audit team engage with management on a regular basis, hopefully weekly, with the finance department and internal audit, even the CFO’s office. The meeting should become a continuous and natural discussion process, as opposed to an event-driven process.”

And just as management and external auditors should be communicating regularly, internal auditors should also work to establish relationships and regular dialog with company managers, said Michelle DeBella, Global Head of Internal Audit for Uber.

“You have to talk about what kind of things would rise to the level of communication with the audit committee, so management has that clear view and can come to you with and say, ‘I’ve got a problem with an issue and I could use your help,’ and what things are going to pique the interest of external auditors or the audit committee, and putting that in a broader risk management framework,” DeBella said.

DeBella added internal auditors need to maintain an ongoing dialogue with management, not just interact with they’re testing the company’s controls.

“You have to be talking about risk management and improving the control environment all the time. You have to have a common understanding of the company’s risk tolerance, and make sure the audit company understands that as well.”

Similarly, the audit committee plays a critical oversight role in a company’s risk management framework, said Joan Amble, president of JCA Consulting and a longtime director on several public companies. As part of that role, Amble said, committee members need to develop comfortable relationships with senior executives as well as staff members who may succeed them someday.

“I think developing relationships with the finance team is incredibly important, and meeting with them not just in the audit committee, but outside the audit committee…” Amble said. “I really look to how well those team players play together. It doesn’t help to just hear internal audit’s views, or the external auditors’ views or the chief accounting officer’s views. In managing risk, you want to see how the first, second, and third line of defense work together, because together they may create a different picture in terms how they think about things strategically.”