All accountants are familiar with the importance of compliance with laws and regulations surrounding financial reporting, tax reporting, and the like. Failure to properly comply may have adverse financial, legal, and professional effects. Companies invest significantly in control systems to ensure such compliance, and extensive internal and external audit resources are devoted to monitoring that compliance.
Recently, increasing attention has been given to compliance with a broader scope of laws and regulations. Most organizations are impacted by a wide range of legal and regulatory issues, in areas such as labor and employment, the environment, trade, product liability, health and safety, and truth in advertising. In addition, organizations are impacted by laws applicable to their specific area of operations, such as medicine, education, communications, defense industries, or gambling. To deal with these broader needs, many organizations are setting up compliance programs, and providing oversight by establishing high-level compliance committees.
A compliance committee is a group of individuals, usually composed primarily of members of the board of directors. They are assigned the task of ensuring that the corporation and its employees are acting in accordance with all applicable laws, regulations, ordinances, and rules promulgated by federal, state, and local governments and agencies. Where relevant, oversight should extend to international laws and regulations as well.
In some corporations, the audit committee serves in this role. An audit committee already has significant responsibilities in its normal role of dealing with financial matters; a recent study found that adult committes meet more than twice as frequently as they did prior to the Sarbanes-Oxley Act (SOX). Adding the legal compliance responsibility may overload what a board committee can reasonably handle. Or it may lead an audit committee to relegate these other areas of compliance to only cursory oversight. Thus, there has been a growing use of compliance committees that are separate and distinct from the corporation's audit committee.
One special case should be mentioned. SOX allows for the creation of a "qualified legal compliance committee" (QLCC) to investigate issues of corporate misconduct. This type of committee has special legal ramifications as it shifts the burden of investigating complaints from corporate counsel to itself. The legal factors leading to the decision to create a QLCC are beyond the scope of this article. Some companies have both a compliance committee and a QLCC. In these companies, the duties of the QLCC are typically limited to the investigation and resolution of complaints.
The role of CPAs. While the areas of concern of a compliance committee typically fall outside the financial arena, CPAs still have an important role to play in the design and operation of compliance oversight. Expertise in control systems and in audit methodology is needed for compliance oversight. One may deem this process to be a kind of "legal audit" of the company. While the technical expertise of lawyers is needed to assess and evaluate specific compliance, the legal profession generally does not develop audit methodologies for this purpose. Thus, CPAs are in a position to advise companies, boards of directors, and compliance committees on establishing control systems and developing audit methodologies to detect potential noncompliance.
The Mission of the Compliance Committee
As mentioned above, a compliance committee is typically assigned the task of ensuring that a corporation and its employees are acting in accordance with all applicable laws and regulations. This goal is usually defined as a reactive one; that is, the committee must ensure compliance with existing laws, rules, and regulations. Some committees, however, have included in their charter the proactive role of ensuring compliance with expected future laws, rules, and regulations. …