Integrating probability sampling into compliance programs

Gary S. Green is retired Professor of Government at Christopher Newport University in Newport News, Virginia, USA.

Auditing is the bedrock of any compliance program because without meaningful attempts to identify wrongful behaviors or the risk that they will occur, those problems can never be addressed. “Auditing” in this article will refer to any proactive effort to verify the effectiveness of an organizational compliance and ethics program.

Auditing seeks to prevent all harms associated with legal noncompliance. Although auditing certainly attempts to prevent wrongful acts against an organization, it must also attempt, with equal zeal, to prevent actions committed by the organization that inflict legal harms on employees, customers, vendors, stakeholders, and all other parties. It must seek to identify crimes, torts, breaches of contract, and other legal violations (especially those related to regulatory law) in addition to seeking to identify the risks associated with their possible occurrence.

Organizations are expected to identify and then immediately fix any actual or potential noncompliance, and “best practices” in compliance make specific reference to auditing as a prerequisite to a quality compliance program. Thus, auditing responds to legal expectations to self-police with due diligence. Auditing should produce information that may be used as evidence for compliance program effectiveness and identify weaknesses in compliance, allowing the organization to respond appropriately.

Auditing through sampling allows the examination of only a small fraction of organizational things in order to derive information that represents all of those things in an organization. Sampling is a fundamental aspect of self-evaluation associated with organizational compliance programming because it makes the investigation of key compliance questions considerably more feasible and much less expensive.

There are many reasons to use probability sampling to identify compliance breaches. First, it allows you to efficiently monitor large numbers of anything without monitoring everything. You can use probability sampling to monitor financial transactions, vendor contracts, product liabilities, place-based working condition safety or environmental risk, whether internal reporting mechanisms are effective, or anything else related to legal compliance initiatives. Second, it demonstrates “due diligence” in pursuit of a meaningful compliance program, which may serve to mitigate criminal and civil liabilities. Third, probability sampling promotes ethical organizational behavior because it does not target individuals. And, fourth, compliance auditing through sampling recursively sends the message that the higher-level personnel in an organization are serious about maintaining compliance program effectiveness.

Sampling is applicable to virtually all areas of auditing because it:

  • Identifies past compliance breaches,

  • Establishes baselines for compliance needs when programs are developed and as reference points for future audits, and

  • Performs ongoing monitoring of compliance program elements.

