More compliance monitoring, please

Relationships between relevant C&E “checking” categories can be confusing.  For example, auditing can overlap with program assessment and with risk assessment. The line between auditing and investigations is not always well marked.  Monitoring can overlap with program governance and management. Metrics are generally part of monitoring but are sometimes discussed separately. Encouraging reports of suspected violations can be seen as a form of monitoring – but is generally treated as a different animal. Other types of internal controls (e.g., pre-approvals) can also be viewed as a form of monitoring – but typically serve a different function. Monitoring differs from auditing in that it is less independent and more real time. Speaking generally, it is an under-utilized C&E function.

Monitoring by business people is often called “the first line of defense.” It can be the most immediate and least independent form of C&E checking.

Examples include:

• Reviewing pricing and other activities for any indicia of antitrust violations.
• Monitoring COIs that have been conditionally okayed.
• Reviewing invoices of third parties for any indicia of corruption or violation of other rules.
• Making sure that those expected to take in-person training in fact do so.

Two final points about monitoring.

First, it can serve to educate business people on C&E matters (learn by doing).

Second, it can provide a basis for incenting C&E in performance evaluations (or similar processes). For instance, managers who don’t do a good job in monitoring should have that shortfall impact their evaluations.