How AI is Transforming Honeywell’s Compliance and Audit Practice
In an age of ESG commitments, a company’s corporate compliance and auditing policies are more than an operational and legal necessity; they’re an internal and external mechanism for maintaining a competitive edge. A quality compliance program can be a vehicle for successfully refining business practices to be more efficient and reduce loss, as well as a vehicle for creating brand trust among consumers and B2B partners.
As more external eyes fall on corporations to be good social and environmental stewards, and as critiques turn into heightened action like unionizing campaigns and lawmaker attention, the need for internal mechanisms to check operations, transactions, and power grows. If it’s not already, the need to proactively nip compliance issues in the bud has become a top priority for companies.
Not for nothing, recommendations from the DOJ since 2017 have been sounding the alarms on a coming shift toward stricter corporate compliance standards and therefore stricter punishments for offenders. As recently as March and April of this year, the DOJ announced revitalized commitments toward investigating and prosecuting corporate crimes. These include things like…
- reemphasizing the role of internal compliance programs as a first line of defense
- the hiring of 120 new prosecutors and 900 new FBI officers for corporate crime enforcement
- a focus on supporting and bolstering the role of Chief Compliance Officers in an organization’s compliance strategy
- the development of a new DOJ unit, the Corporate Enforcement, Compliance and Policy Unit, focused on evaluating compliance programs and training federal prosecutors
This begs the question: If the DOJ is insisting on reprioritized resources and energy behind corporate compliance, where are the strategies of today missing the mark? What tools are available to refine these programs so they meet not only the federal regulatory environment, but the pressures of internal and external stakeholders, all while building a corporate culture of efficacy and honesty?
Amanda Sabates, Vice President of Corporate Audit at multinational manufacturing leader Honeywell, knows this challenge all too well. Taking on the role of VP at the onset of the COVID pandemic, Sabates had to immediately put on the work gloves and refine the company’s internal audit strategies to serve a leaner operation, working through extraneous circumstances and disruptions to everything from workforce training to the supply chain.
While in DFW to speak at NAEM’s EHS&S conference on Compliance, Reporting & Digital Strategy, Sabates joined us at MarketScale for an interview to share her insights on the current compliance climate. Below is a summarized breakdown of some of the main points from our interview, where Sabates lays out a path for compliance professionals to elevate both their compliance framework and tools by bringing emergent technology to their internal programs. She offers experience from her work developing Honeywell’s internal program, CAMS, explains why AI has proven itself to be an essential part of revitalizing the company’s auditing process, and how the industry should weigh recent directives from the DOJ.
Adjusting to Revitalized DOJ Compliance Standards
To kick things off, we wanted to get Sabates’ perspectives on how the DOJ’s recent recommendations are shaping compliance professionals’ and departments’ work. Specifically, we asked her about its focus on individual convictions rather than ‘big corporate dispositions,’ guidelines for internal compliance programs, and how the industry should interpret the hiring of hundreds of new agents and prosecutors to potentially take on thousands of corporate fraud cases. She acknowledged the regulatory “drum beat” has been getting louder over the last few years, but takes the DOJ’s actions as a reminder of standards and expectations that companies should already be adhering to.
“I don’t think this is anything more than a reminder of our social responsibility as public traded companies or corporate America.”
Amanda Sabates: “I always talk about the three lines of defense. The first line being the business. And there’s a responsibility whether you’re in a business or function that you understand your controls and you have your internal governance within the business. The second line is compliance and controllership accounting type of functions, sometimes corporate functions, and they’re sort of the watchdogs. That’s pretty basic if I think about the framework of governance and controls. And the third one is audit. So if all of those are operating well, things should never show up in an audit or an external investigation of any sort, and I think that internal monitoring, if you bring it back to the first line of defense in the business, in the function, that’s pretty powerful because you catch things as they happen.”
Before Sabates joined and assumed a leadership role in the compliance and audit division, Honeywell became well acquainted with the DOJ’s louder regulatory drum beat. In 2019, the company announced in a quarterly securities filing that it was facing pressure from the DOJ and Brazilian authorities for allegedly failing to comply with the Foreign Corrupt Practices Act. The investigation came after third-party partners in Honeywell’s oil solutions division got wrapped up in a bribery investigation around Brazil’s state-run oil giant Petrobras.
This one issue turned into resources upon resources spent, from labor to millions in legal costs. After cooperating with federal authorities through document reviews and employee interviews, in the end, it appears the investigation will amount to $160 million in probable losses for Honeywell to resolve the probe. Though Honeywell faced stock devaluation upon announcement of the probe and the challenge of maneuvering a high-profile federal investigation, it was also a stark reminder for the company of the costs of compliance failures. Whether its internal anomalous transactions or the business practices of external partners, Sabates entered an environment in April 2020 that was acutely aware of the importance of catching and resolving these risks before they become a company-wide burden.
Where are Current Compliance Programs Failing and Why?
Sabates summed up her critiques of internal auditing and compliance functions in one word: scale.
Since most monitoring work is done through the manual process of sampling, where professionals will scrub through a random sample of 100 transactions out of thousands to estimate the rate of anomalous transactions across a company, scaling the auditing labor resources needed as a company grows in size becomes insurmountable. Even if a company could hire the amount of talent needed to accurately sample a data set and create actionable compliance strategies in response, the inconsistencies of the process make it impossible to know exactly how many anomalous data points are going unnoticed or over-reported.
“That scale, I call it exhaustive testing, the ability to do that is really dependent on tools. Theoretically, it’s probable someone could do that with loads and loads of people. Practically, impossible.”
Sabates: “It also allows our talent to do work differently. If you’re consumed in sampling and then deducting from that a level of risk, you’ll have less time to focus on problem-solving the issue that you’ve found. In leveraging big data or AI for example, you’re getting on a silver platter those anomalous transactions that are concerning, and then you leverage your talent to actually then go and look at that more deeply, help problem-solving, inform changes and processes.”
Honeywell’s Solution? Its “Continuous Assessment Monitoring System”
Under Sabates’ leadership, Honeywell’s compliance and audit team turned to tools like AI to support a reimagined approach to monitoring functions. The team developed CAMS as a solution, or Continuous Assessment Monitoring System, which is now active as Honeywell’s internal compliance system. Built on its Forge ecosystem of SaaS products, CAMS aggregates anomalous transactions proactively across the company’s various databases using machine learning and artificial intelligence, a complete 180 from the days of manual data sampling.
“It really negates sampling. We now are able to not do sampling at all, we get on a silver platter the anomalous transactions.”
But of course, reimagining compliance solutions to remove a time-intensive human element and replace it with a trusted automated functionality isn’t without its issues.
Sabates: “One of the first challenges we underscored as we were building this was the refinement and cleansing of alerts as we built them. Each alert takes a tremendous amount of time and then it was initially in its infant stages raising thousands and thousands. ‘Oh my god, like, what is happening!’ And what it was was a refinement and cleansing of, ‘ok, this is surfacing something that’s not really an issue, we’ve got to craft the alert this way, we’ve got to add this data point in and we’ve got to link to this system.’ We absolutely underscored at inception how long the cleansing of that would take.”
After months of rigorous testing, CAMS is operational and functional for monitoring procurement, sales and pricing data within Honeywell. While the compliance and audit team initially validated the tool on its utility for minimizing risk and better allocating monitoring resources, their development process revealed use cases that could shape revenue-building business decisions.
Sabates: “With this tool we could actually help inform business leaders not necessarily that a pricing decision is wrong or that it’s not compliant, but that it might be interesting for the business leader to see that even though it’s within that executive approval loop because we think it may warrant an extra set of eyes. So that’s more operational, more supportive of the bottom line, and I think what we’re seeing with CAMS as we continue to build it and continue to add domains is we can leverage it two-fold: one from a compliance and governance perspective, but it can also help drive the business operationally as well.”
What Can Compliance Professionals Learn from CAMS?
Based on the trials and tribulations of developing and redeveloping Honeywell’s internal solution, working amongst various business divisions to create a flexible tool, and uprooting the traditional processes for monitoring, Sabates’ main advice for other audit teams rethinking their solutions is to get a holistic understanding of a company’s various systems and how they interact with each other before spending too much time on a panacea. If your AI-powered solution immediately becomes too siloed or niche of a tool, or creates more friction with existing data capture tools and data sets, it becomes more of a burden than an alleviation.
“This is a compliance and monitoring governance tool fundamentally, but it required, from a business partnership, far more than myself and the team. We had to bring in focals from procurement, from sales, from pricing, the legal team.”
The efficacy of the tool is, of course, also paramount; a nonsensical or error-prone AI tool is good for no one. This gets back to Sabates’ argument that before claiming a compliance tool is ready for internal or external use, especially one with AI as a core function, it needs to be checked rigorously for potential biases and flaws. As seen in infamous examples like Amazon’s hiring tool, AI-powered solutions are only as good as the brains behind them, and the perspectives of the teams creating the AI algorithms, conscious or not, imprint on the solution for better or for worse. That weight and responsibility, Sabates says, should be handled with extreme care.
Sabates: “The amount of time needed to diligently check and cleanse each alert. Building something of this scale and magnitude, you have to get it right, you can’t release something to the business that’s inadvertently informing risk that’s not real. And there will always be some opposition because it’s a monitoring tool and people don’t like to be monitored per se, but spending a good amount of time on cleansing, refining, making sure the anomalous transactions are clean, are accurate. Really testing that is so important before you actually launch it to the business…. You would really lose its power, its respect and its trust, and you need that in businesses and functions.”
Watch the full interview above for more of Sabates’ thoughts on specific strategies for monitoring procurement operations, why education of the workforce on compliance best practices is as important of a proactive strategy as investing in effective tools, and how to build solutions that can keep everyone from leadership to entry-level employees in line with company’s standards.