The connections and relationships between relevant compliance and ethics (C&E) “checking” categories can be confusing.
-
Auditing can overlap with both program assessment and risk assessment.
-
There can also be an “underlap” between the three functions.
-
The line between auditing and investigations is not always well-marked. Often what starts as the former can morph into the latter.
-
Monitoring can overlap with C&E program governance and management.
-
Metrics are generally part of monitoring but are sometimes discussed separately.
-
Encouraging reports of suspected violations can be seen as a form of monitoring—but is generally treated as a different animal altogether.
-
Metrics are generally part of monitoring but are sometimes treated separately.
-
Other types of internal controls (e.g., pre-approvals) can also be viewed as a form of monitoring—but typically serve different functions.