Internal audit: A strategic partner in government contract compliance

The increasingly complex federal procurement environment may bring fond reflections on what now seem to be simpler times. Contractors and their legal counsel are experiencing intensified government scrutiny over regulatory compliance, persistent budget uncertainties, increased cost pressures and lower margins, and the list of challenges goes on. This is fertile ground for compliance warfare where the cost of compliance is high, and the cost of noncompliance is even higher. Often overlooked or underappreciated, however, is the importance of Internal Audit in the company’s arsenal of defense against regulatory noncompliance. Internal Audit, with its company-wide purview, has the potential to serve as a strategic partner that counsel and the management team can use to identify and remedy potential landmines in your compliance infrastructure.

Though the Internal Audit and Compliance functions share similar risk management objectives, the two serve very distinct purposes. The Compliance function primarily makes sure the company is following applicable government contract-related regulations. It also serves as a liaison between government auditors and company personnel, assists with responses to audit inquiries and data requests, addresses audit findings, and prepares required reports and disclosures. Said another way, the Compliance function handles most of the company’s tactical execution of compliance requirements.

On the other hand, Internal Audit provides objective, top-down evaluations to the Board of Directors and management on whether or not the company’s policies, procedures, and internal controls are designed and operating effectively. Many Internal Audit departments traditionally focus on internal controls related to financial reporting and operational efficiency, leaving regulatory matters to the Compliance function. When used most effectively, Internal Audit extends its focus beyond basic financial and operational controls and lends its strategic mission to addressing regulatory compliance risks, fraud risks, and other matters of corporate compliance and business conduct.

The following Exhibit shows how Internal Audit’s holistic view of the company intersects with the specific regulatory matters addressed by Compliance. Ask yourself what part of your company, if any, is proactively addressing the risks listed in the intersection of Internal Audit and Government Contracts Compliance. By defining and organizing your approach to both Internal Audit and Compliance, you can greatly reduce your overall risk.

 

Exhibit 1: Convergence of internal audit and government contracts compliance