The compliance department at an enterprise schedules a bi-annual review of a critical, high-risk distributor's financial records, invoices, and expense claims. What compliance function does this periodic review represent?
Select an answer to reveal the explanation.
Short Explanation and Infographic
Pay close attention here: when you go back and review records that have already been generated—like invoices and expenses—you are doing detective work. Specifically, you're monitoring and auditing. This isn't a preventive control because the money has already left the building. And it's not a self-assessment because the compliance team is doing the checking, not the distributor themselves. Monitoring and auditing is how we verify that our controls are actually working in the real world!
Full explanation below image
Full Explanation
Monitoring and auditing are critical components of a compliance program's evaluation phase. Auditing is a formal, systematic review of operational or financial records (such as invoices, expense reports, and third-party transactions) to verify compliance against established policies, laws, or contracts. Monitoring is an ongoing, real-time or periodic assessment designed to ensure that controls are operating effectively. A bi-annual review of a high-risk supplier's financial transactions conducted by the compliance department falls squarely under the monitoring and auditing function. This activity is not a self-assessment, because it is performed by an independent oversight function (the compliance department) rather than the business unit or supplier itself. It is also not a preventive control, as the review occurs after the invoices have been processed and paid, and it is not a directive control, which simply establishes rules or policies.