This paper critically examines the ability of compliance program audits to provide adequate assurance of compliance system performance. The empirical evidence comes from the use of compliance program audits in monitoring compliance with enforceable undertakings agreed upon between companies (that have allegedly breached the law) and the Australian Competition and Consumer Commission and the Australian Securities and Investments Commission. The evidence suggests that the primary value of compliance program audits in this context is as a management review that induces better compliance. Nevertheless, it may be the formal regulatory expectation of verification (and the belief that it is possible) that gives the compliance review its power to encourage management to listen and respond to auditors’ recommendations for improvement.
The danger is that the review aspect of the audit will be captured by management concerns. This is evident in a tendency for the audit methodology to focus on management systems at the expense of forensic investigation of harm done (or likely to be done) to consumers and investors, and in a failure to seek out public opinion and input. This style of audit undermines the basic regulatory objective of democratic accountability for corporate responsibility. I conclude by using the literature on critical social audits to show that there is, nonetheless, significant potential for compliance program audits to open corporate management to democracy, and by making some suggestions as to how this might be possible.