What Is a Legal Audit?
A legal audit is a comprehensive review and risk assessment of a business’ legal and contract-related obligations. Unlike a financial audit, which primarily focuses on the financial accuracy of a company’s statements, a legal audit examines the legal standing of company contracts, employment agreements, regulatory compliance, and other aspects of law that affect the bottom line. It also analyzes how well the company is managing its legal risks. A legal audit is not a compliance audit , but is an assessment of various contracts, legal documents, and obligations.
Legal audits do not have to be internal professor or conducted by outside advisors. Company resources may be leveraged to reduce the cost. Legal audits may reduce the risk of litigation and regulatory action, or prevent poor contractual terms. Finally, legal audits may demonstrate to financial stakeholders that the business is strong and adheres to best practices.
Advantages of a Legal Audit
Successful businesses can be measured in part by their ability to anticipate problems before they arise. As a result, the primary advantage of a legal audit is that it can help identify potential legal risks before they turn into serious problems. A legal audit is essentially an internal investigation, revealing how the team conducts its business. Often these hidden risks are things that are so commonplace that people don’t stop to think about them. For example, businesses contract with vendors every day, like suppliers of goods and services, insurance providers, and more. As with any contract, the terms matter. A small, but significant change in wording can increase your liability by large sums of money. A legal audit will thoroughly review each of these agreements and identify problems so that you can address them before a problem occurs.
Secondly, a legal audit will help ensure that your business is compliant with all legal regulations. Figureheads and operation managers can certainly try their best to keep up with the latest laws, but that is easier said than done. Staying up-to-date on the many federal, state, and local business laws of your industry can be a real headache. Laws also frequently change and new laws are created all the time. Your business can be held responsible for up to five years for infractions on laws implemented prior to your audits; staying on top of compliance isn’t usually one of your team’s primary responsibilities. Having regular legal audits will put some of these issues at ease, ensuring that you don’t face repercussions down the line.
Third, even if your business is in full compliance with the law, that doesn’t guarantee that you’re in full compliance with your own internal policies and procedures. Sometimes human error and miscommunication can lead to breaches of your very own protocols. This can not only mean that you’ll face negative consequences if you’ve accidentally violated laws, but also several weaknesses in your own operations. It is helpful to have a legal team conduct these audits because like all other areas of a business, the structure of internal affairs requires a trained, discerning eye.
There are many benefits of legal audits; they not only minimize risk and maximize efficient operations, but they create a safer and more stable business environment. An effective legal audit will account for all potential legal traps that could lead to corporate bankruptcy and show how they can be avoided.
Doing a Legal Audit: Step By Step
Once a decision has been made to conduct a legal audit, the next step is to plan the audit, assemble the team and create a legal audit questionnaire that focuses on particular areas of risk. As part of the audit, an interview is conducted to provide supplemental information and allow the auditor to ask specific questions. Finally, fieldwork is conducted to gather and analyze relevant documents in preparation for a final audit report. Planning: Planning is critical to the success of a legal audit. It involves understanding the industry, operations and business of the Company. The background information is used to prepare the process from beginning to end and to identify the resources needed to complete the audit. This is also the stage where the legal audit questionnaire is designed to address areas of risk within the Company. The audit objectives are discussed with the audit committee of the board of directors to ensure that the audit is focused on areas of concern as it relates to the Company. Team Assembly: A legal audit team is assembled to ensure that the process is handled in a professional, efficient manner. It is important that the members of the audit team have the appropriate skill sets to oversee the entire audit process. Areas of expertise include business operations, human resources, financial and legal. In most cases, the audit team should consist of attorneys experienced in employment law, assessment of business transactions and tax-related issues. In this regard, the audit team can provide the most value and focus the audit on high-risk areas. Legal Audit Questionnaire: The audit program is developed based on the auditor’s prior experience and discussions with the audit committee. It considers existing policies, procedures and controls in the areas targeted by the audit. The auditor then designs an audit questionnaire based on this information. The audit questionnaire is designed to be a tool that enables management and the audit committee to evaluate the adequacy of the audit plan. Interview: As part of the legal audit, management should be interviewed via a survey or questionnaire as well as several follow up meetings. The interview should be informal in nature and not feel threatening to management. From the audit, a list of questions is developed based on the interview process. The interview is important because it provides the auditor with information and knowledge about the Company. It allows the auditor to gain a broad understanding of operations, business strategy and potential risks. The audit team can then focus its attention on high-risk areas that are of interest and concern to management. This is not unlike tax audits where taxpayers and the IRS, by design, focus on a limited area of concern. The audit team uses the details of these interviews to build a report detailing whether there are any open issues and how to resolve them (if any). The report will specify the timeframe in which to correct the issues and scenarios that could create open issues in other areas. As part of the audit, attention should be given to other high-risk areas of the audit. In a legal audit, these include: reporting, accounting, business development, pricing, contract pricing, and customer support.
What Does a Legal Audit Cover?
When conducting a legal audit for a business, there are important areas that are regularly scrutinized. This is because there is a significant amount of information that goes into an audit of this nature, and focusing on specific areas ultimately enhances the potential for discovering all areas of liability.
Significant areas of focus during a legal audit include contracts, corporate governance, employment law compliance and intellectual property rights. A contract audit essentially examines any and all existing contracts with other businesses, customers and suppliers. This consists of making sure that the contracts uphold the interests of the business and function well with existing contracts. Corporate governance laws vary from state to state, so a legal audit will help make sure companies incorporate best practices in their business operations and meet state responsibilities and crucial requirements.
Another major area of focus for legal audits is compliance issues. Ideally, the compliance issues will be checked for both federal and state requirements. This will also cover industry-specific requirements for health, safety and environmental issues. All of this information is critical to compliance audits. Otherwise, it could be quite easy for an organization to discover it is in violation of certain laws at the worst of times. Compliance with regulations and other legal requirements of any kind is also a major element of any legal audit.
Who Should Carry Out a Legal Audit?
Tasking a legal professional with the responsibility of conducting a legal audit is commonplace. While a legal audit can be performed by a legal professional who is not working with your organization on a day-to-day basis, those who have a strong familiarity with your legal processes and current state are best equipped to drive a legal audit to fruition. With applied expertise and understanding of organizational context, an internal legal professional is able to avoid the pitfalls that often beset more cursory reviews. Internally conducted legal audits are based on a strong foundation of knowledge regarding legal documents, processes, and matters that the organization has. The legal audit will leverage existing knowledge to gather further information where wounds are present – that is, where the auditee has cause for concern (i.e., a sense that legal risk exists) and perceives that the risk is beyond tolerance. A strong internal knowledge base for objectively identifying such risk factors will be among the most prominent advantages of an internally driven legal audit . External legal auditors may also be engaged for a legal audit. In-house counsel may have the capacity to engage external services for a legal audit. This alternative can have many advantages – especially for organizations limited by internal resources. Externally run audits typically generate value in two key areas. First, outside experts bring their expertise to the table. New eyes, with advanced experience, are able to introduce an array of insights. Second, the involvement of outside professionals allows internal practitioners to focus on their primary responsibilities. A legal professional who is subject to internal review may not be as well positioned to regularly review the organization’s legal processes and has less freedom to provide attend to the legal audit if his or her attention is divided among multiple legal matters. Such lack of focus could lead to major oversights. Engaging a third-party, external legal auditor which focus on internal legal reviews will relay critical insights for senior leadership and help support organizational goal attainment.
Legal Audits: Limitations and Challenges
Difficulties in conducting legal audits include resistance to change within the company, when some managers don’t understand the point of it, especially if they are pretty much allowing a lot of things in the company without compliance with legal requirements, simply because they were never aware of them and have been fine, to their level of perception. Once they know, however, they often become very understanding and probably relieved that someone is finally putting some order into things.
Secondly, since this is a highly specialized task and requires people with highly specialized legal knowledge, there may be a problem with accessibility to the data necessary to conduct a proper audit. The solution here is to engage a firm or individuals with substantial experience in the field, who will likely have access to lawyers, administrators, experienced consultants and relevant software. Access to such expertise will save a lot of trouble.
Thirdly, resources allocated to properly conducting the audit may at times be lacking. Time and money are required, and something always takes precedence. The remedy here is to prioritize, and if necessary, hire a company with experience in legal audit, which is likely to conduct the audit more efficiently due to having experience and the motivation of being recompensed for the task.
Finally, a legal audit conducted only in good faith cannot be said to be perfect, just more efficient. If the audit is conducted presuming that everything is in order, as opposed to the auditor’s inability to see past generalities and not getting into specifics, many issues may be done and over, with little recommendation for areas of improvement.
How Frequent Should Legal Audits Occur?
The frequency with which legal audits should be conducted can depend largely on the specifics of a company’s operations. In general, major legal audits should be conducted every two to three years, or even more often if your company is in an industry that experiences greater volatility or increased legislation and regulation. However, your internal review (or mini audit) process should happen at least once every year.
If your company has undergone considerable changes over the past year, such as a merger or acquisition, you may want to look at scheduling a legal audit slightly earlier. Similarly, if your state has recently passed any new legislation that could directly affect your business, a schedule adjustment may be advisable. For example, Washington State has passed a $15 minimum wage law and a paid sick leave law. It also has a statewide law banning the use of salary history. This is a hotbed for wage-related claims, so the sooner you audit your workplace policies, the better.
There may even be some aspects of a legal audit that make it prudent to do so on an active rolling basis. A state may pass legislation harmful to your organisation, which you will need to check for during a regular legal audit.
Getting Ready for a Legal Audit
Preparing for a legal audit, whether it is a voluntary or mandatory one, often presents a challenge to businesses. And as more states adopt various data breach notification laws, more companies are finding themselves subject to audits in these areas. Because of the serious and potential liability associated with the failure to have adequate information security systems in place to protect personal and financial information, preparation for a legal audit will go a long way to reducing your company’s overall liability exposure. Not only will it show that your company takes good faith efforts to comply with the law, it will also highlight the steps you’ve taken to reduce the chances of a data breach or the legal exposure resulting from one.
Again, preparation is key. Your document retention process should have a plan by which all legal materials are gathered and organized. These include things such as all discovery documents/correspondence, former/pending/potential lawsuits, legal contracts, etc . These records can be collected in the form of paper or electronically, and at a minimum, need to all be stored in a location where they can be easily found and reviewed if, and when, necessary. Of course, if your legal audit is part of a Federal government audit, then your company would already have better tracking of some of the earlier mentioned documents and will only be adding additional documents to some extent, not creating a new file.
Second, develop a list of all of the company’s lawyers (counsel) who are both in-house and outside counsel. Be sure to include not only your corporate/government affairs lawyer, but also those who represent your company on commercial transactions and any outside government affairs or lobbying counsel. If the auditor’s legal team has additional questions, they will know right where to go to find additional legal documents. Also develop a list of all the company’s outside counsel with whom your in-house general counsel typically communicates. Just because something is "in-house" (which typically means outside of the public eye), doesn’t mean it is also not relevant to a legal audit.