Compliance Genie


The Genie Audit - It’s like the financial planning process

Risk and Compliance Audit for financial services firms

Now a while ago, back in my corporate life, my manager said he could see me doing audits for businesses – checking where they are in relation to their compliance and then helping them implement things to bring everything up to date.

One thing I have learnt is to ask those who know us best as to what we should be doing to best utilise our skills, something that I have often ignored until recently. When I established the Genie, I focused on data protection compliance realising that there was a knowledge gap for those in the online world. This was a passion of mine, having implemented data protection into a call centre – which was no mean feat, and this involved me focusing my services solely on data protection – writing privacy policies and having downloadable policies for small businesses to buy to help them with their compliance.

However, this hasn’t been the best use of my knowledge, for those who know I am qualified to Fellowship level both with the Personal Finance Society (PFS) and Pension Management Institute (PMI) and have qualifications in Risk Management and Compliance (with the Institute of Risk Management). I excel in looking into the operational side of businesses and seeing how they are structured, the policies, procedures and processes in place and ensuring everything works efficiently to enable them to move forward and achieve their business goals.

A part of this enables business owners to truly understand the potential risks in their business and focus on those that give them the greatest uncertainty especially as they evolve.

So, as my expertise is within Financial Services, this blog will focus on what the process of an audit is, which is ultimately like the financial advisory process:

·      Talk to me/Consultation – let me know where you are currently and what your concerns are, and what you perceive to be a risk or concern with your business. What do you want to achieve with your business? What is stopping your business growth?

·      Know Your Business – I will request some information around your business – by sending you a questionnaire – and don’t panic if you don’t have all the answers – this is part of the process! The questionnaire will cover for example:

o   The Structure of your business including:

  • What regulations are you subject to - FCA, Data Protection, Ofcom for example

  • What the ownership of your business is - how is it structured?

o   Your Financials

  • What insurance you have in place

  • How your income is structured – is it primarily focused on one form of income which could potentially be a risk

  • What your expenses are

o   The Governance of Your Business

  • What the reporting lines are in your business - Governance is important

  • What management information is available – to establish how operationally involved you are in your business

o   The Operational Aspects of your Business including:

  • What policies and procedures and processes you have in place – such as Data Protection policy, Business Continuity Plans, Information Technology Policies, Complaint Policies

  • How dependent you are on other businesses and other risks that may impact your business from 3rd parties - operational resilience is a key requirement for any business

  • How your staff are trained and how you know they are competent in their roles – People Risk

  • What CMS (client management systems) you are utilising

·       Research – I will spend some time looking at what you currently have in place, what is appropriate for your business and what isn’t. Also what needs to be implemented to enable you to reach your goals and to cover where your potential risks are.

·       Recommendations – You will then receive an audit report and an action plan specified to your business. The action plan will take into account the concerns you have, so the areas where you feel uncomfortable, but will also consider the risks that you may not be aware of. Like you review a customer’s attitude to risk and capacity for loss.

The aim of the audit is to ensure you have a risk-rated action plan tailored especially to your business and focused on the highest risks within your business. This enables you to focus on those which make you feel uncomfortable based on your personal attitudes. Ultimately based on these recommendations, you can then go and implement them yourself or engage with a professional to implement them for you so you can focus on developing your business.

Of course, I can still help businesses who solely want to focus on their risk of being non-compliant with data protection requirements, which, as your business evolves and you start marketing via email and other electronic means, will increase if it is not managed effectively. For those that are concerned around this area, there is a high-level checklist available which will show you which areas you may be potentially falling down on. If you would like a copy of this checklist, you can access it here.

Providing audits to financial service businesses enables me to utilise all my skills and professional qualifications and enables businesses to tap into these resources, which is ultimately what the Genie focusses on so we can build better businesses for the benefit of all. Ready to summon the Genie.
