Wipfli logo
Insights - Articles, Blogs and on-demand webcasts

Articles & E-Books


How to create an effective compliance program for your tribal entity

Feb 08, 2023

It’s easy to see compliance efforts as an added cost to your tribal entity. However, with a capable program to manage risk and regulatory concerns, it’s an opportunity to add value.

For organizations that have limited resources, compliance is a way to maximize what you have. The right program can help you identify errors and inefficient processes that are leading to waste or abuse. It also helps ensure that your organization will be able to maintain necessary funding and licenses.

But compliance isn’t just about operations — it’s also about reputation.

Strong compliance programs telegraph that your organization is trustworthy. Your stakeholders expect that tribal entities are using resources efficiently and ethically by the tribal government’s standards. And customers and vendors are more willing to engage with and support organizations that show a commitment to the effective use of resources.

Poor compliance places your organization in a position of potentially losing funding, resources and constituent support. So, while a compliance program does require constant effort, it’s worth it for the value it can bring to your organization.

If you want to improve compliance within your tribal entity, here are eight components of an effective compliance program that you can implement:

1. An established charter

The backbone of a good compliance program is a charter.

The charter should indicate the objectives of your program, as well as the varying levels of authority and responsibility for those involved. Having this information clearly detailed from the beginning makes it easier to convey standards to the rest of the organization and helps eliminate confusion during implementation.

2. A holistic approach

Effective compliance functions consider both external and internal factors.

External factors encompass things such as meeting regulatory compliance expectations. They include instances where your organization is required to meet certain standards for legal, funding or licensing reasons — for example, Title 31 compliance for tribal casinos or the 477 Program for tribal governments.

Internal factors are the expectations and standards set by your organization and its stakeholders. This includes things such as your organization’s code of conduct and separation of duties.

These factors are often treated as separate issues, but the better approach is to encompass both under an overarching compliance program.

Taking a more holistic approach can help you identify overlapping controls and run your organization’s compliance program more efficiently.

3. Data analysis

Data analysis is an effective way to help your organization identify instances of errors, waste, abuse and noncompliance. It evaluates the results of actual processes operating over time, eliminating behavioral changes when monitored. It also doesn’t require separate processes since necessary data is usually generated as part of your organization’s day-to-day operations.

For example, your financial team is already collecting data on things such as accounts payable, payroll and accounts receivable. By analyzing this data, you can test for suspicious behaviors that indicate abuse, such as unauthorized payments, overpayments or payments made at unusual times. You can also look for compliance issues with missing or incorrect information.

But financial data isn’t the only information that you need. Feedback from customers, employees and stakeholders is also valuable in identifying potential problems and inefficiencies.

When analyzing data, it’s important to make sure that you’re starting with complete and accurate data sets, as this eliminates the potential for errors. It’s also helpful to determine your goals for the data ahead of time, so that you can be more intentional with your testing.

4. Support from senior leadership

Leadership within your organization needs to be visibly supportive and actively involved in compliance.

Their attitude toward compliance will trickle down to the rest of the organization, helping to create buy-in at all levels. And their support ensures that your program will have access to any necessary resources.

5. Organizational perception

Along with support from senior leadership, it’s important to consider how compliance is perceived within the organization.

As much as possible, you want to highlight the ability of individuals and the overall entity to succeed while meeting compliance objectives. It shows how compliance isn’t about being prohibitive, but rather aligning individuals with the values of the company and improving operational efficiency.

6. Appropriate resources and training

Your compliance program can’t be successful without the necessary resources and proper training for your people.

Part of that training will need to incorporate any technical concerns. For example, when complying with data security standards, you may need to train your people on how to identify phishing attempts.

But you also need to train them on your expectations. Make sure that every individual clearly understands the code of conduct and responsibilities outlined in your charter, including potentially acknowledging the receipt, understanding and commitment to follow the organization’s requirements.

7. Monitoring compliance

A compliance program isn’t done once you’ve finalized your charter. It requires regular monitoring to ensure that your established controls and objectives are both being met and still meeting your organization’s needs.

With monitoring, it’s important to remember that compliance is everyone’s responsibility.

According to the Association of Certified Fraud Examiners, 55% of occupational fraud is reported by employees. Your compliance team should encourage everyone in the organization to participate in monitoring and allow input when designing and remediating different controls.

8. Course correction

With monitoring, comes course correction. When you identify areas of weakness in your program, you need to determine the reasons for them and create a plan to address them.

To create a remediation plan, ask these three questions:

  1. Are compliance objectives properly designed for the current operations?
  2. Are sufficient resources provided to be successful?
  3. Is the response proportional to potential compliance failures?

These will help you identify why the control failed and how to make the appropriate corrections.

How Wipfli can help

Wipfli is here to help provide the compliance program guidance that your organization needs. Our experienced team can help you identify risks, review controls and use data analytics for increased fraud detection.

Contact us today for more on how we can support your organization’s compliance efforts.

Is your tribal entity doing enough to detect fraud? Register for our upcoming webinar, Anti-fraud best practices for tribes, for more ways that you can protect your organization.

Sign up for more information or continue reading:


Director – Forensic & Litigation Services
View Profile