GUEST BLOG
Compliance officers and internal auditors are natural partners and allies in the compliance governance landscape.
As the compliance profession and its influence grew, compliance officers often leaned on internal auditors for help in assessing risks, uncovering financial misconduct, and assessing compliance functions and controls. Recently, however, I have noticed some changes in their relationship, suggesting that they both are maturing and gaining independence from each other.
Since the passage of the Sarbanes-Oxley Act, internal auditors have climbed on the corporate ladder, and rightfully so. Internal audit was given greater responsibilities for ensuring accurate financial reporting. Congress mandated a greater responsibility and sought to improve internal and external audit functions.
Corporate boards gave internal auditors increased power and access to more resources. If the chief audit executive requested more staff and resources, the audit committee would be hard pressed to deny such a request.
In contrast, chief compliance officers have never enjoyed the same level of authority, access to resources, and overall influence at the board level as the internal auditor. Since the CCO and the CAE usually report to the same audit committee, CCOs and internal auditors helped each out, formed alliances and developed synergies, especially in areas where auditing and compliance functions overlapped. This usually worked out to both parties’ benefit.
Trends Shaping the Relationship
Two recent trends, however, have transformed this close and natural partnership.
See Also, “How Internal Audit Can Work with Compliance to Increase Value.”
First, CCOs are becoming more influential on their own, meaning that they have matured professionally and gathered their own constituencies, created their own relationships, and promoted their own connections with senior management and the board.
Second, internal auditors are busier than they ever have been with more projects, day-to-day responsibilities, and focus on financial reporting systems and overall system management. Internal auditors do not have the time nor the resources to conduct compliance audits or focus on specialized compliance auditing, particularly in the area of measuring compliance with controls.
Given these trends, CCOs have begun to develop their own auditing or compliance review protocols and functions. CCOs recognize that conducting their own independent audits of compliance functions can quickly improve monitoring and assessment capabilities and improve the accuracy and speed of compliance program improvements.
My generalization is just that—a general observation. Of course, there are still situations where compliance and internal audit continue to work closely with each other.
Big Responsibilities
The separation of CCOs and internal audit, however, is not a negative trend but reflects the positive growth in compliance. Internal audit has extraordinary responsibilities being placed on it, especially as companies seek to reduce reliance on outside consultants and auditing firms.
On substance and in practice, internal audit and compliance will always operate with a close respect for each other and coordinated perspective on corporate financial and compliance controls. Even as they mature, they will remember the old days of close affiliation while maintaining a close eye and support for the respective functions dedicated to improving overall corporate governance.
Compliance and audit will continue to learn from each other and maintain a mutual admiration for their respective roles. 
Michael Volkov is CEO of The Volkov Law Group, a law firm that specializes in corporate compliance, internal investigations, and white-collar defense. This column was reprinted with permission. It first appeared on the blog, Corruption, Crime & Compliance.