Just about every letter of the alphabet, including some of them multiple times, is used to abbreviate an audit for a collection agency, it feels like these days. The number of internal audits, combined with the number of third-party audits that clients and regulators are pushing down on collection agencies, is getting to the point where there is an audit for just about everything.
A pair of industry compliance and auditing experts recently shared their insights and perspectives on a webinar hosted by AccountsRecovery.net and sponsored by InterProse. The speakers were Tim Collins, the chief compliance officer of TrueAccord, and Paige Tortorich, the internal audit manager at Enhanced Resource Center. A copy of the webinar recording is available here.
When determining which audits are more important than others, be they third-party or internal, the best place to start is where a collection agency faces the most risk. An audit can help identify potential problem spots and allow a collection agency to address them, so starting where the risk is the highest is a good idea, said Collins.
For example, he said, there is a lot of risk is “Letters and phone calls,” so those should be audited regularly.
The size of a collection agency no longer has any bearing on which audits should be conducted, because, as Collins pointed out, the clients do not necessarily care about how big or small a collection agency is. The clients care that their data will be handled appropriately and that all the required rules will be followed.
“One of the first questions we get is do we have a SOC 2,” Collins said. “Getting that is a very intrusive and expensive process.”
SOC 2 audits are important for clients, Tortorich said, just like clean desk audits are important as well. Clean desk audits require employees not to leave any paperwork on top of their desks.
The proliferation of audits has led ERC to try and automate more of their auditing operation, Tortorich said. Increased automation allows the agency to include larger sample sizes in their audits, which helps identify more risks. Some of the audits that have been automated are calls where no notes were entered into the collection system, or scrubbing for individuals who might be active duty military servicemembers and thus subject to the Servicemembers Civil Relief Act. ERC recently hired an information technology analyst for its auditing group to help automate more of the reporting process, Tortorich said.
TrueAccord recently rolled out software from Reciprocity Inc. that is helping them automate more of their auditing processes, Collins said.
It is important to note that audits can, and should, be used as a selling tool, Collins said. In that discussion, the sales team should be brought in to hear what audits clients are requesting or mentioning during sales conversations.