Compliance Audits, Monitoring & Reporting
What Are Compliance Audits?
Imagine you're a school principal who wants to make sure every classroom is following safety rules, teaching the right curriculum, and treating students fairly. You can't just trust that everyone is doing the right thing-you need to check. That's exactly what a compliance audit does in the business world.
A compliance audit is a systematic, independent examination of a company's activities, records, and operations to verify that the organization is following laws, regulations, policies, and internal procedures. Think of it as a health check-up for a company's rule-following abilities. Just as a doctor examines your vital signs to ensure you're healthy, auditors examine documents, interview employees, and review processes to ensure a company is "healthy" from a compliance perspective.
Compliance audits aren't optional nice-to-haves. They're essential because:
- They identify problems before regulators or law enforcement do
- They demonstrate to stakeholders (investors, customers, regulators) that the company takes its obligations seriously
- They reduce the risk of fines, lawsuits, and reputational damage
- They help improve processes and efficiency by spotting weaknesses
Here's a surprising fact: According to compliance industry research, companies that conduct regular compliance audits experience approximately 50% fewer regulatory violations than those that don't. That's like cutting your risk of getting a speeding ticket in half just by checking your speedometer regularly!
Types of Compliance Audits
Not all audits are created equal. Different situations call for different types of examinations:
Internal audits are conducted by the company's own employees or hired consultants. Think of this as a self-assessment-the company checking itself. A manufacturing company might have its internal compliance team review whether factory safety procedures are being followed correctly.
External audits are performed by independent third parties who have no connection to the company. These are like getting a second opinion from a doctor who doesn't know you personally. External auditors provide objectivity and credibility. For example, an accounting firm might audit a public company's financial reporting to ensure compliance with securities regulations.
Regulatory audits are conducted by government agencies or regulatory bodies themselves. These aren't voluntary-when the regulator shows up, you must cooperate. Imagine the health department inspecting a restaurant kitchen; that's a regulatory audit. The Occupational Safety and Health Administration (OSHA) conducting a workplace safety inspection is another example.
Pre-emptive audits happen before a company enters a new market, launches a new product, or implements a new process. They're like checking your tire pressure before a long road trip-you're preventing problems before they occur.
The Audit Process: Step by Step
Understanding how compliance audits actually work demystifies them and helps you prepare. Here's what happens during a typical audit:
Step 1: Planning and Scoping
The audit team determines what they'll examine, which departments they'll visit, what time period they'll cover, and what specific compliance areas they'll focus on. If you're auditing data privacy compliance, you might decide to examine the last 12 months of data handling practices in the IT and customer service departments.
Step 2: Information Gathering
Auditors collect evidence through multiple methods:
- Reviewing documents (policies, procedures, training records, incident reports)
- Interviewing employees at various levels
- Observing actual work processes in action
- Testing controls (for example, trying to access restricted data to see if security measures work)
- Analyzing data and records for patterns or anomalies
Step 3: Analysis and Evaluation
The audit team compares what they found against what should be happening according to laws, regulations, and company policies. They identify gaps, weaknesses, and violations. This is like comparing your actual test score against the required passing grade.
Step 4: Reporting
Auditors document their findings in a formal audit report that includes:
- What was audited and how
- What compliance issues were found
- How serious each issue is (often ranked by risk level)
- Recommendations for correcting problems
- Sometimes, positive findings about what's working well
Step 5: Follow-Up
After the audit, the company creates an action plan to fix identified problems. Good audit programs include follow-up audits to verify that corrections were actually made. This is the accountability piece-finding problems is only useful if they get fixed.
Real-World Example: Volkswagen's Emissions Scandal
In 2015, Volkswagen was caught installing "defeat devices" in diesel vehicles that made emissions appear lower during testing than they actually were in real-world driving. This massive compliance failure violated environmental regulations in multiple countries.
What's relevant for our discussion is what happened afterward. Volkswagen was required to conduct extensive compliance audits under the supervision of an independent monitor appointed by U.S. authorities. These audits examined not just emissions testing but the entire corporate culture and compliance management system. The company had to implement rigorous monitoring and regular auditing processes, demonstrating how compliance audits become especially critical after violations occur.
The cost? Over $30 billion in fines, settlements, and vehicle buybacks. Regular, effective compliance audits beforehand might have caught the problem before it became a catastrophe.
What Is Compliance Monitoring?
If compliance audits are like annual health check-ups, then compliance monitoring is like tracking your daily steps, heart rate, and diet. It's the ongoing, continuous process of checking whether compliance requirements are being met in real-time or at regular intervals.
While audits are typically periodic events (quarterly, annually), monitoring happens constantly. It's the difference between checking if your teenager cleaned their room once a month versus installing a camera that shows you their room cleanliness every day (though that might be going too far as a parent!).
Why Monitoring Matters
Compliance monitoring serves several crucial purposes:
Early detection: Problems get spotted quickly, often before they become serious violations. If you monitor employee expense reports weekly, you'll catch improper claims faster than if you only audit them annually.
Continuous improvement: Regular monitoring data shows trends over time, helping organizations improve processes gradually rather than waiting for an audit to reveal problems.
Real-time response: When monitoring detects an issue, the company can respond immediately. If transaction monitoring flags a potentially fraudulent payment, it can be stopped before the money goes out.
Demonstrating commitment: Active monitoring shows regulators and stakeholders that compliance isn't just a checkbox exercise but an ongoing priority.
Monitoring Methods and Tools
Modern organizations use various approaches to monitor compliance:
Automated monitoring systems use software to continuously check activities against compliance rules. Banks use transaction monitoring systems that automatically flag suspicious transactions that might indicate money laundering. These systems can review millions of transactions per day-something impossible for humans to do manually.
Key Performance Indicators (KPIs) and metrics track compliance health numerically. Examples include:
- Percentage of employees who completed required training by deadline
- Number of data security incidents per month
- Time taken to respond to customer privacy requests
- Percentage of contracts reviewed by legal before signing
Control testing involves regularly checking whether specific compliance controls are functioning. For instance, every month, someone might test whether unauthorized personnel can access restricted areas by trying different access cards at secure doors.
Sampling and spot checks review random samples of transactions, documents, or activities. A healthcare organization might randomly select 50 patient records each week to verify they're being handled according to privacy regulations.
Employee surveys and feedback mechanisms gather information about compliance climate and potential issues. Anonymous hotlines and regular pulse surveys can reveal problems that formal systems might miss.
Management reviews involve senior leaders regularly reviewing compliance reports and metrics to stay informed and make decisions.
The Monitoring Cycle
Effective monitoring isn't just about collecting data-it's a cycle:
1. Establish what to monitor → Identify critical compliance requirements and risk areas
2. Set standards and thresholds → Define what "good" looks like and what triggers concern
3. Collect data → Gather information through automated systems, reports, or observations
4. Analyze results → Compare actual performance against standards
5. Respond to findings → Investigate issues, take corrective action, escalate if necessary
6. Review and improve → Periodically assess whether you're monitoring the right things the right way
Real-World Example: Facebook and Privacy Monitoring
After the Cambridge Analytica scandal in 2018, where Facebook user data was improperly shared with a political consulting firm affecting 87 million users, Facebook (now Meta) entered into a settlement with the Federal Trade Commission (FTC) that required extensive compliance monitoring.
The company had to implement a comprehensive privacy program with ongoing monitoring requirements, including:
- Quarterly privacy reviews by designated compliance officers
- Continuous monitoring of third-party apps accessing user data
- Regular assessments of privacy risks from new products before launch
- Independent third-party assessments of their privacy program every two years
This demonstrates how monitoring becomes institutionalized after major compliance failures. The company moved from reactive to proactive compliance management, with monitoring systems designed to catch problems before they reach scandal proportions.
What Is Compliance Reporting?
You've conducted audits, you're monitoring continuously-now what? That information is useless unless it's communicated effectively to the right people. That's where compliance reporting comes in.
Compliance reporting is the process of documenting, communicating, and presenting information about an organization's compliance activities, findings, and status to various stakeholders. Think of it as the report card that shows how well the company is doing at following the rules.
Who Receives Compliance Reports?
Different audiences need different information:
Internal stakeholders include:
- Senior management and board of directors - Need high-level summaries showing overall compliance status, major risks, significant incidents, and strategic compliance issues
- Compliance officers and teams - Need detailed operational reports with specific findings, metrics, trends, and action items
- Department managers - Need information relevant to their specific areas so they can address issues with their teams
- Employees - Sometimes need general updates about compliance expectations, training requirements, or policy changes
External stakeholders include:
- Regulatory agencies - Often require specific periodic reports showing compliance with particular regulations (environmental reports, safety reports, financial disclosures)
- Investors and shareholders - Want assurance that compliance risks are being managed effectively
- Customers and business partners - May request compliance certifications or audit reports, especially in industries like healthcare or finance
- Independent monitors or auditors - When required by settlement agreements or regulations
Types of Compliance Reports
Periodic status reports provide regular updates on compliance activities and metrics. These might be monthly dashboards showing KPIs, quarterly reports to the board, or annual comprehensive reviews. They answer the question: "How are we doing overall?"
Audit reports document findings from specific audits, including identified issues, their severity, root causes, and recommendations. These are formal, detailed documents that create a record of what was examined and what was found.
Incident reports document specific compliance violations or near-misses when they occur. If an employee accidentally emails customer data to the wrong person, an incident report captures what happened, why, who was affected, and what was done about it.
Regulatory filings are mandatory reports submitted to government agencies. Examples include annual financial statements filed with securities regulators, safety incident reports filed with OSHA, or environmental monitoring reports filed with the EPA.
Management reports synthesize information for decision-making purposes. These might analyze trends, highlight emerging risks, or provide data to support strategic choices about compliance investments.
What Makes a Good Compliance Report?
Not all reports are equally effective. Quality compliance reporting has these characteristics:
Accuracy and completeness - Information must be factually correct and include all relevant data. Incomplete or inaccurate reports undermine trust and can lead to poor decisions.
Timeliness - Reports must reach recipients when the information is still useful. A report about last quarter's compliance issues that arrives three months late has limited value.
Clarity and readability - Reports should be written for their intended audience. A board report shouldn't drown directors in technical jargon; an operational report for specialists can include more detail.
Actionability - Good reports don't just identify problems; they recommend solutions and clearly indicate what needs to happen next and who's responsible.
Context and analysis - Raw data without interpretation isn't helpful. Reports should explain what the numbers mean, whether trends are concerning, and how current status compares to benchmarks or previous periods.
Visual presentation - Charts, graphs, and dashboards help people quickly grasp key information. A trend line showing increasing safety incidents is more immediately comprehensible than a table of numbers.
The Reporting Process
Creating compliance reports involves several steps:
Data collection → Gathering information from monitoring systems, audits, incident logs, and other sources
Data validation → Verifying that information is accurate and complete before including it in reports
Analysis → Interpreting data, identifying trends, determining significance of findings
Report preparation → Writing the report, creating visualizations, formatting for the intended audience
Review and approval → Having appropriate personnel review the report before distribution to ensure accuracy and appropriateness
Distribution → Delivering the report to stakeholders through appropriate channels (secure email, compliance management systems, formal presentations)
Follow-up → Tracking whether recipients received and understood the report, and whether recommended actions are being implemented
Real-World Example: Wells Fargo's Fake Accounts Scandal
Between 2011 and 2016, Wells Fargo employees created millions of fraudulent bank and credit card accounts without customer authorization. Employees were under intense pressure to meet aggressive sales targets and created fake accounts to hit their numbers.
What's relevant for compliance reporting is what went wrong and what happened afterward. Internal reports about suspicious account activity and ethical concerns existed, but they apparently didn't reach senior leadership effectively, or when they did, weren't taken seriously enough. The reporting system failed.
After the scandal broke, Wells Fargo faced over $3 billion in penalties and was required to implement enhanced compliance reporting structures, including:
- Direct reporting lines from compliance functions to the board of directors
- Regular detailed reporting on sales practices and risk metrics
- Whistleblower reports being escalated to senior management and the board
- Public disclosure of customer complaints and compliance issues
This case illustrates that compliance reporting isn't just about creating documents-it's about ensuring that critical information reaches decision-makers who can act on it, and that organizational culture supports honest reporting even when news is bad.
How Audits, Monitoring, and Reporting Work Together
These three elements aren't separate activities-they form an integrated system that reinforces compliance throughout an organization.
Think of it this way: Monitoring is your everyday radar, constantly scanning for potential problems. Audits are your periodic deep dives, thoroughly examining whether systems are working as intended. Reporting is your communication network, ensuring everyone who needs information gets it.
Here's how they interconnect:
- Monitoring data feeds into reports that show real-time compliance status
- Monitoring alerts might trigger focused audits of specific areas when problems are detected
- Audit findings lead to changes in what and how you monitor
- Reports from audits inform senior management and regulators about compliance health
- Reporting reveals trends that help prioritize which areas to audit next
- The reporting process itself might be audited to ensure accuracy and timeliness
An effective compliance management system creates a continuous improvement loop: Monitor → Detect issues → Audit to investigate → Report findings → Take corrective action → Update monitoring → Repeat.
Building a Compliance Culture
Beyond the technical processes, effective auditing, monitoring, and reporting require the right organizational culture. Companies with strong compliance cultures share certain characteristics:
Tone from the top: Senior leadership visibly demonstrates commitment to compliance. When the CEO says "compliance matters" but then ignores audit findings or pushes for results regardless of rules, employees learn that compliance is just window dressing.
Openness to bad news: Organizations must create environments where people can report problems without fear of retaliation. If auditors or monitors are pressured to soften findings or employees are punished for raising concerns, the entire system breaks down.
Resource commitment: Effective compliance programs require investment-in technology, personnel, training, and time. Companies that treat compliance as a cost to minimize rather than a value to maximize typically get what they pay for.
Accountability: When audits or monitoring reveal problems, there must be consequences and corrective action. If findings go into reports that then sit on shelves gathering dust, people learn that compliance is performative rather than real.
Continuous improvement: The best organizations view compliance not as a static checklist but as an evolving practice. They regularly ask: "Are we monitoring the right things? Are our audits examining the highest-risk areas? Are our reports giving decision-makers the information they need?"
Technology's Role in Modern Compliance
The compliance landscape has been transformed by technology. Modern organizations use various tools and systems:
Governance, Risk, and Compliance (GRC) platforms integrate auditing, monitoring, and reporting into unified systems. These platforms centralize compliance data, automate workflows, track corrective actions, and generate reports-reducing manual work and human error.
Data analytics and artificial intelligence enable organizations to monitor vast amounts of data for compliance issues. AI can identify patterns that humans might miss, such as subtle indicators of fraud or discrimination.
Automated monitoring systems continuously check transactions, communications, and activities against compliance rules. These systems work 24/7 without fatigue, providing consistent coverage.
Reporting dashboards visualize compliance data in real-time, allowing managers to see current status at a glance rather than waiting for periodic reports.
Whistleblower and incident reporting systems provide secure, often anonymous channels for employees to report concerns, with built-in workflows for investigation and resolution.
However, technology is a tool, not a solution. Systems are only as good as the requirements programmed into them, the data fed into them, and the human judgment applied to their outputs. An automated monitoring system that flags 10,000 potential issues per day without intelligent filtering creates noise rather than insight.
Challenges in Compliance Auditing, Monitoring, and Reporting
Organizations face several common challenges in implementing effective compliance programs:
Resource constraints: Compliance activities require time, money, and skilled personnel. Smaller organizations especially may struggle to maintain robust programs while also running their core business.
Complexity and volume: Modern organizations face an expanding web of regulations across multiple jurisdictions. Keeping track of all applicable requirements, monitoring compliance with each, and reporting appropriately is increasingly complex.
Data management: Compliance monitoring and reporting require access to data from across the organization. Data may be in different systems, in inconsistent formats, or subject to access restrictions that complicate compliance activities.
Resistance and compliance fatigue: Employees may view compliance activities as bureaucratic burdens that interfere with "real work." Overcoming this resistance requires leadership support and clear communication about why compliance matters.
False positives and alert fatigue: Automated monitoring systems can generate overwhelming numbers of alerts, many of which turn out to be non-issues. When compliance teams are drowning in false positives, they may miss genuine problems-the "needle in the haystack" challenge.
Keeping pace with change: Business models evolve, new technologies emerge, and regulations change. Audit programs, monitoring systems, and reporting frameworks must adapt accordingly, which requires ongoing effort and investment.
Demonstrating value: Compliance programs prevent problems, but proving that something didn't happen because of your efforts is challenging. This can make it difficult to secure ongoing support and resources.
Best Practices for Effective Compliance Programs
Leading organizations follow certain principles to make their compliance auditing, monitoring, and reporting more effective:
Risk-based approach: Not everything needs the same level of attention. Focus intensive monitoring and frequent auditing on highest-risk areas-those where violations would be most severe or most likely. Lower-risk areas can be checked less frequently or less intensively.
Clear ownership and accountability: Every compliance requirement should have a clear owner responsible for ensuring compliance, and every audit finding should have someone accountable for addressing it.
Integration with operations: The most effective compliance programs are integrated into normal business operations rather than being separate parallel processes. When compliance checks are built into workflows, they're more likely to actually happen.
Regular testing and validation: Don't just assume your monitoring systems and controls are working-test them. Try to circumvent controls, review samples of monitoring alerts to check accuracy, and audit your audit process.
Transparent communication: Reports should present facts honestly, even when they're unfavorable. Sugarcoating problems or burying bad news undermines the entire purpose of compliance reporting.
Documentation and record-keeping: Maintain clear records of compliance activities. These records demonstrate due diligence to regulators, provide evidence if compliance is questioned, and create institutional memory.
Training and awareness: People throughout the organization need to understand compliance requirements relevant to their roles, and how monitoring, auditing, and reporting work. This increases cooperation and effectiveness.
Continuous improvement: Regularly review and update audit plans, monitoring parameters, and reporting formats based on what you learn from previous cycles.
The Human Element: Ethics and Judgment
While technology and processes are important, compliance ultimately depends on human judgment and integrity. Auditors must exercise professional skepticism-questioning what they see rather than taking everything at face value. Monitors must distinguish between technical violations that matter and ones that don't. Report writers must present information fairly and completely.
Ethical challenges arise regularly:
- An auditor discovers their close friend violated policy-do they report it fully or downplay it?
- A monitoring system flags the CEO's expense reports as suspicious-does the compliance officer investigate the boss?
- A report shows that meeting compliance requirements would force missing quarterly targets-does management suppress the report or face the problem?
Organizations with strong compliance cultures support employees facing these dilemmas and protect those who do the right thing even when it's uncomfortable.
Key Terms Recap
- Compliance Audit - A systematic, independent examination of an organization's activities to verify adherence to laws, regulations, policies, and procedures
- Internal Audit - An audit conducted by the organization's own employees or hired consultants to assess compliance from within
- External Audit - An audit performed by independent third parties who have no connection to the organization, providing objective assessment
- Regulatory Audit - An audit conducted by government agencies or regulatory bodies to verify compliance with specific regulations
- Compliance Monitoring - The ongoing, continuous process of checking whether compliance requirements are being met through real-time or regular interval reviews
- Key Performance Indicators (KPIs) - Measurable values that demonstrate how effectively an organization is achieving compliance objectives
- Automated Monitoring Systems - Software tools that continuously and automatically check activities against compliance rules
- Control Testing - The process of regularly verifying that specific compliance controls are functioning as intended
- Compliance Reporting - The process of documenting, communicating, and presenting information about compliance activities, findings, and status to stakeholders
- Audit Report - A formal document presenting findings from a compliance audit, including identified issues, severity, and recommendations
- Incident Report - Documentation of a specific compliance violation or near-miss, capturing what happened and how it was addressed
- Regulatory Filing - A mandatory report submitted to government agencies as required by specific regulations
- GRC Platform - Governance, Risk, and Compliance software that integrates auditing, monitoring, and reporting functions into a unified system
- Risk-Based Approach - A compliance strategy that focuses intensive resources on areas with highest risk of violations or most severe potential consequences
- Corrective Action - Steps taken to fix identified compliance problems and prevent recurrence
- Compliance Culture - The shared values, beliefs, and behaviors within an organization regarding the importance of following rules and ethical conduct
Common Mistakes and Misconceptions
Misconception: "Compliance audits are only for catching people doing wrong."
Reality: While audits do identify violations, their primary purpose is preventing problems through early detection and process improvement. Good audits also identify what's working well, not just what's broken.
Misconception: "If we have automated monitoring systems, we don't need to conduct audits."
Reality: Monitoring and auditing serve different purposes. Monitoring catches day-to-day issues; audits examine whether your entire compliance system (including your monitoring) is effective. You need both.
Misconception: "Compliance reporting is just about creating documents to satisfy regulators."
Reality: Effective compliance reporting serves multiple purposes: informing management decisions, tracking improvement, demonstrating accountability, and yes, satisfying regulatory requirements. It's a management tool, not just paperwork.
Misconception: "Only large companies need formal compliance auditing, monitoring, and reporting."
Reality: Organizations of all sizes face compliance obligations. While smaller organizations may have simpler systems, they still need to verify compliance, detect problems, and document their efforts. Violations don't cost less just because your company is small.
Misconception: "If an audit didn't find problems, the auditors weren't looking hard enough."
Reality: Clean audit reports are possible, especially when organizations have mature compliance programs. However, auditors should indeed maintain professional skepticism and look beyond surface appearances.
Misconception: "Compliance monitoring means watching employees to catch them breaking rules."
Reality: While monitoring does include checking employee activities, it's primarily about examining processes and controls. The goal is identifying systemic issues, not punishing individuals.
Misconception: "We can set up monitoring systems once and they'll work forever."
Reality: Monitoring systems require regular updates as regulations change, business processes evolve, and new risks emerge. What you monitored last year may not be sufficient this year.
Misconception: "The more detailed the compliance report, the better."
Reality: Reports should be tailored to their audience. Overwhelming busy executives with excessive detail makes reports less effective, not more. Different stakeholders need different levels of information.
Misconception: "Technology can solve all compliance monitoring challenges."
Reality: Technology is a powerful tool but requires human judgment to configure properly, interpret results, and act on findings. Automated systems can also generate false positives or miss nuanced issues that humans would catch.
Misconception: "Compliance audits, monitoring, and reporting are the compliance department's job."
Reality: While compliance departments may coordinate these activities, effective compliance requires involvement from throughout the organization. Everyone owns compliance in their area; the compliance department provides support and oversight.
Summary
- Compliance audits are systematic examinations that verify whether organizations are following laws, regulations, and policies. They can be internal (conducted by the organization), external (by independent parties), or regulatory (by government agencies). Audits follow a structured process: planning, information gathering, analysis, reporting, and follow-up.
- Compliance monitoring is the continuous, ongoing process of checking whether requirements are being met. Unlike periodic audits, monitoring happens constantly through automated systems, KPIs, control testing, sampling, and other methods. Effective monitoring enables early detection of problems and real-time response.
- Compliance reporting communicates compliance information to stakeholders including management, boards, regulators, and investors. Different audiences need different reports. Good reports are accurate, timely, clear, actionable, and provide context for understanding findings. The reporting process ensures critical information reaches decision-makers who can act on it.
- These three elements work together in an integrated system: monitoring provides continuous data, audits provide periodic deep examinations, and reporting communicates findings to drive improvement. They create a continuous improvement loop that strengthens compliance over time.
- Technology plays an increasingly important role through GRC platforms, automated monitoring systems, data analytics, and reporting dashboards. However, technology is a tool that requires human judgment, proper configuration, and interpretation to be effective.
- Effective compliance programs follow a risk-based approach, focusing intensive resources on highest-risk areas while maintaining baseline oversight of lower-risk areas. This maximizes the impact of limited compliance resources.
- Strong organizational culture is essential for compliance success. This includes tone from the top (leadership commitment), openness to bad news (psychological safety for reporting problems), adequate resources, accountability for findings, and commitment to continuous improvement.
- Real-world examples like Volkswagen's emissions scandal, Facebook's privacy issues, and Wells Fargo's fake accounts demonstrate both the consequences of compliance failures and the importance of effective auditing, monitoring, and reporting systems.
- Common challenges include resource constraints, regulatory complexity, data management issues, alert fatigue, resistance from employees, and the difficulty of demonstrating the value of preventing problems that never occur.
- Best practices include risk-based prioritization, clear accountability, integration with operations, regular testing of controls, transparent communication, thorough documentation, continuous training, and periodic review and improvement of compliance processes themselves.
Practice Questions
Question 1 (Recall):
What is the primary difference between a compliance audit and compliance monitoring?
Question 2 (Application):
Your company processes customer credit card payments and must comply with payment security standards. Design a basic compliance monitoring system for this function. What would you monitor, how frequently, and what metrics would you track?
Question 3 (Analytical):
A company conducts annual compliance audits that consistently find no problems, yet a regulatory investigation discovers serious violations. What might explain this discrepancy? Provide at least three possible explanations.
Question 4 (Application):
You are preparing a compliance report for your company's board of directors regarding workplace safety. What information should you include, and how should you present it differently than a report to the operations manager responsible for day-to-day safety?
Question 5 (Recall):
List and briefly describe three different types of compliance audits.
Question 6 (Analytical):
A manufacturing company installs an automated system that monitors environmental emissions 24/7 and generates alerts when readings exceed permitted levels. However, the system generates approximately 200 alerts per week, and investigation reveals that 95% are false alarms caused by temporary sensor fluctuations. What problems might this create, and how would you address them?
Question 7 (Application):
Your company experienced a data breach where employee records were accessed by an unauthorized person. What compliance reports would likely need to be created, and who would receive them?
Question 8 (Analytical):
Explain how the Wells Fargo fake accounts scandal illustrates the importance of effective compliance reporting. What specifically failed in their reporting system, and what changes were implemented afterward?
