Compliance departments, particularly financial crime compliance departments, are subject to multiple levels of testing. Internal Audit reviews are a pillar requirement of the Bank Secrecy Act, as are annual assessments by the financial institutions federal functional regulator. However, both internal auditors and regulators use a risk based approach in scoping their reviews. As a result, some routine but important processes may not be subject to frequent or regular testing. Depending on the size and complexity of the financial institution as well as the level of risk assessed, an institution may decide that additional regular testing should be conducted to ensure a thorough coverage of the compliance program. This testing provides valuable, real-time feedback to management: it enables them to identify potential problems and take responsive action much earlier than might otherwise occur if they waited for the annual audit cycle.
Prudent risk managers may also want ad hoc checks of specific controls or processes. New or significantly changed processes should be carefully tested for a period of time to confirm correct implementation and that the change hasn’t resulted in any unanticipated failures or gaps. For example, if an institution acquires another institution and moves the new staff to acquirer’s existing systems and controls, spot testing of day to day activity provides vital feedback on the transitioning of the new employees.
Working with you, I can help you identify the attributes to be tested and, based on your specific concerns or suspicions, develop the null hypothesis and testing procedures to address those concerns. I will analyze the data available and propose a sample size and selection methodology and conduct the test. Results will be presented in report format, with areas for improvement and recommended actions provided.