Compliance Program Assessments (CPAs) are an integral component of a successful compliance program. Typically performed by the second line of defense and may be known as Quality Assurance. The objective is to evaluate the effectiveness of the CRA process and, importantly, the ongoing effectiveness of the controls in place to mitigate compliance risk. Also, critical to CPA is an evaluation of the data sources, data quality, and the controls in place to ensure ongoing data integrity.
While CPAs by definition are performed by the second line of defense and therefore do not meet the definition of independent tests, as defined for example in the anti-money laundering laws and regulations, they must be completed rigoursly and include a level of testing. The testing should include both controls testing and substantive, e.g. file review, testing.
ICRM can assist your organization in both the development of a CPA framework and execution the CPA test steps. Upon completion of the CPA our clients receive a formal report detailing the program steps and results at both a summary level and control level. This report provides our clients with critical, detailed, information necessary to make qucik, targeted, changes which may be required.