Is Your Compliance Program Agile Enough? Follow This Checklist to Know

Recommended Reading

Compliance is a “moving target” that keeps shifting depending on activities in the industry and new enforcement priorities. Are you ready to make changes in your compliance policies based on this ever-shifting regulatory environment? Will your audits be clean? As you plan and refine your compliance program, use the following checklist to make sure your firm is considering every aspect of compliance:


The core of any compliance program is a proper set of documentation. Documentation not only helps a company in the event of a legal or regulatory risk, but it is also useful as training material and greatly helps with audits. For example, your firm probably has strong internal policies for bankruptcy scrubs, but if these policies are not laid out in black and white and made accessible to employees, non-compliance uncovered during a bankruptcy audit may place liability on the entire firm, even if it was due to employee error.

Document Controls

A well-defined process for document management is as important as the documentation itself. You should define how you plan to review your documents, update and track changes, and distribute the changes to your employees. You should always ensure that team members are only referring to the latest drafts of documents.

Compliance Program

Internal Inspection and Testing

Rather than waiting for external audits to uncover problematic issues, a robust compliance program should have a process for inspection and testing. Hiring an external auditor to do a bi-annual audit helps you clean house and avert bigger problems in the future, besides making client audits less stressful.

Remediating Audit Findings

Small and medium-sized firms struggle to allocate resources to audit and remediation because these are cost centers. The hope is that the small sample size of data during audits will work in the firm’s favor. But this leaves the firm open to serious litigatory risk. A better solution is to work with an external firm that can not only perform the audit, but also suggest remediation techniques.

Vendor Oversight

Vendors are an extension of your staff and an integral part of the business. Many vendors also have access to your data or facility, though their access to NPI may be different, depending on their security rating. Auditing your vendors using a well-defined vendor management program, streamlined vendor management software, and their suitability to access certain types of information is as important as auditing your internal processes. Due diligence covering their licensing, data security, and practices needs to be done.

Staff Training & Testing

Are you comfortable with the level of training of staff on company policies and procedures? Regular training and testing can ensure that employees are aware of the latest internal and external regulations. Testing also helps in identifying gaps in training which could create potential risks to the company.

Effective Complaint Resolution Program

On average, a law firm receives disputes on 8% of their accounts, and complaints on another 4% of their accounts. If complaints are not resolved quickly, consumers typically turn to regulatory bodies. A regulatory complaint not only affects a company’s reputation in a negative way and requires more time and attention, but it can also turn into a lawsuit, sometimes costing the company more than the actual face value of the account.

Quick Tip:

Document management and compliance activity tracking can be time-consuming and complex processes with significant implications. Consider leveraging technology to help enforce your standards and automate manual tracking to reduce errors. Provana’s IPACS Compliance Management System is one such offering that can give a firm like yours the resources to compete with the leaders of the industry.

If you would like to know how your firm stands with respect to your peers in terms of compliance framework, click on this link to fill out a simple form and we will send you a compliance benchmarking report.