Compliance Deficit or Loss: An Auditor’s Tip

When assisting an organization in learning about the various export regulations such as the ITAR and EAR, we often hold “Executive Awareness” training for the leadership. Now there are some leaders who while learning about their responsibilities and all of the numerous requirements in complying with the regulations, they take immediate action: For instance some may assign a key executive to lead the efforts, they provide a budget and require a timeline for implementation. They follow their company mission statement or core values to be meet or exceed customer and regulatory requirements.

However there are those that simply apply “white wash” to the process. The say to themselves… we’ve been operating the same way for over twenty years and we never export so what are the chances of our company being involved in a violation?

When auditing for compliance I prefer to start with “Top Management” and ask: What operational components are in place that support the leadership principles and/or core values? I don’t expect the leadership to be intrenched in the weeds of the regulations but it is expected that someone in leadership is aware and knowledgable of the various statues and regulations. However I do expect that the organization has implemented WITHIN it’s operations, processes that are intended to assure compliance. Has the leadership enacted processes that collect and analyze  data that regulatory requirements are being met? The best way to get an executives attention is to apply this in terms they understand… is there a deficit or loss in their compliance performance?