Internal Control Audit And Compliance: Woolworths Limited Essay


Describe about the Internal Control Audit and Compliance of Woolworths Limited?



The study is about the Australian Retailer Organization known as Woolworths Limited. Woolworths Limited is the major Australian Company with an extensive retail in Australia and New Zealand. The company deals with food i.e. they are food retailer as well as the largest takeaway liquor retailer in Australia. The company is running its many other business like hotels, gaming poker machines and etc so to maintain laws, regulation in every business the company need compliance management. The person associated with management of law, regulations, identification, triaging, coordinating compliance management is known as compliance management. Organization needs the compliance management system to maintain support with the local compliance and investigation, corporate audits and design reviews.

Compliance requirements:-

Compliance is defined in Australian Standard Compliance programs, AS3806-2006, as “Adhering to the requirements of laws, industry and organizational standards and codes, principles of good governance and accepted community and ethical standards.” A compliance requirement is a law (legislated or common law), regulation, government directive, industry code or standard, permit, licence, contract or internal policy/procedure that the organization of Australia must comply with.

Compliance requirements can either be:-

  • Regulatory (legal, regulatory, licence, contractual, permit or accreditation standards) compliance requirements.
  • Business (Internal Policy or “best practice" standards) compliance requirements.

Compliance requirements can be identified through:-

  • Regular communication with the legislators and regulators
  • Communication with industry bodies
  • Professional associations and memberships
  • Knowledge of the business and operating environment
  • Internal communication
  • Research (Eggert, 2014)

Internal Compliance requirements-

The purpose of an Internal Compliance is to ensure “that the right export decisions are consistently being made; that employees know their export control responsibilities; that the right procedures are being followed; and that the right questions are being asked to ensure that exports are being made in compliance with national legislation and, therefore, consistent with a company’s best interests.”

Internal compliance systems should address several specific goals:-

  • To develop contacts and good-standing relationships between the company and export agencies.
  • To remain informed of updates to the government’s export control laws and regulations.
  • To centralize export-related questions and issues (Graham, n.d.).
  • To standardize procedures.
  • To provide early warning and screening of all inquires and orders.
  • To generate coherent and complete documentation of all sensitive export transactions.
  • To train all employees engaged, either directly or indirectly, with work of the organization.

External Compliance requirements-

External Compliance includes identifying compliance requirements, optimizing and evaluating the response, obtaining assurance that the requirements have been complied with and integrating its compliance reporting with the rest of the business. Identify on a continuous basis local and international laws, regulations, and other external requirements that must be complied with for incorporation into the organization’s policies, standards, procedures and methodologies.

Industry Compliance Requirements-

It is the important in Industrial Compliance to prevent the degradation of the environment by industrial operations and ensure their compliance with the provincial regulations and manage impacted sites in accordance with department policy (Silverman, 2008).

Hence, all applicable external and internal contractual requirements with application to information security should be identified. This could include requirements to:

  • Protect and preserve organizational records, including records necessary for auditing compliance with these requirements;
  • Protect the confidentiality of personal data;
  • Regulate cryptographic and other sensitive technologies; and
  • Preserve intellectual property rights.

Compliance Effects:

Compliance is used to reduce risk of violations of the export controls. A compliance management system helps in managing risks associated with changing product and service offerings new legislation enacted to address developments in the marketplace.

Compliance Systems:

Available systems and there components- An effective compliance management system is commonly comprised of three interdependent elements:

  • Board and management oversight
  • Compliance program
  • Compliance audit.

Comparison of systems or components

Board Oversight -

A Board can demonstrate commitment to maintaining an effective CMS by:

  • Demonstrating clear and unequivocal expectations about compliance, not only within the institution, but also to third- party providers
  • Adopting clear policy statements
  • Appointing a compliance officer with authority and accountability
  • Allocating resources to compliance functions commensurate with the level and complexity of the institution’s operations
  • Conducting periodic compliance audits
  • Providing for recurrent reports by the compliance officer to the Board

Compliance Program-

An organization should establish a formal, written compliance program. In addition to being a planned and organized effort to guide the compliance activities, a written program represents an essential source document that will serve as a training and reference tool for all employees. A well planned, implemented, and maintained compliance program will prevent or reduce regulatory violations, provide cost efficiencies, and is a sound business step.

A compliance program includes the following components:

  • Policies and procedures
  • Training
  • Monitoring
  • Consumer complaint response

Policies and Procedures

Policies and Procedures should:

  • Include goals and procedures for meeting those goals
  • Include all the information needed for personnel to perform a business transaction
  • Be reviewed and updated as the institution’s business and regulatory environment changes.


  • Proper training for the Board, management, and staff is essential to maintaining an effective compliance program.
  • An effective compliance training program is frequently updated with current, complete and accurate information on products and services and business operations of organization.


  • Monitoring is a proactive approach by the institution to identify procedural or training weaknesses in an effort to preclude regulatory violations.
  • Institutions that include a compliance officer in the planning, development, and implementation of business propositions increase the likelihood of success of its compliance monitoring function

An effective monitoring system includes regularly scheduled reviews of:

  • Disclosures and calculations for various product offerings
  • Document filing and retention procedures
  • Posted notices, marketing literature, and advertising
  • Various state consumer protection laws and regulations
  • Third-party service provider operations
  • Internal compliance communication systems that provide updates and revisions of the applicable laws and regulations to management and staff.

Consumer Complaint Response

  • An institution should promptly handle consumer complaints.
  • Procedures should be established for addressing complaints, and individuals or departments responsible for handling them should be designated and known to all institution personnel to expedite responses.
  • A compliance officer should be aware of complaints received and act to ensure a timely resolution.
  • Complaint trends should be evaluated to identify systematic compliance problems (Tarantino, 2006).

Recommend systems or components-

It is expected that no two compliance programs will be the same, and that the formality of a program will be dictated by numerous considerations, including:

  • Institution’s size, number of branches, and organizational structure
  • Business strategy of the institution (e.g., community bank versus regional; retail versus wholesale bank)
  • Types of products
  • Location of the institution—its main office and branches
  • Other influences, such as whether the institution is involved in interstate or international banking.

Compliance efforts require an ongoing commitment from all levels of management and should be a part of an institution’s daily business operations.


Eggert, M. (2014). Compliance management in financial industries. Cham: Springer.

Graham, L. (n.d.). Internal control audit and compliance.

Silverman, M. (2008). Compliance management for public, private, or nonprofit organizations. New York: McGraw-Hill.

Tarantino, A. (2006). Manager's guide to compliance. Hoboken, N.J.: John Wiley & Sons.

How to cite this essay: