In-house control to ensure that contracting parties and employees act in good faith and are reliable is a part of a general compliance system, but there is more to it than that. Other parts of this system are equally important, not least with a view to avoiding potential liability.

Most risks of liability for companies and their managers arise in the context of inspections by state authorities. Around 30 state bodies in Russia may inspect businesses, and these inspections are known as ‘audits’. A company may face administrative liability, which can mean turnover fines, items being confiscated if they are the subject of or used to commit offences, and a company’s activity being suspended. The company’s managers, meanwhile, could be sanctioned under both administrative and criminal law.

If an in-house control system is in place, steps are taken to identify, assess and reduce these risks, with measures put in place to ensure that compulsory requirements of current law are met. All these measures help companies to avoid potential negative consequences if an audit is held.

Although there may be a large number of audits, they are subject to certain rules set by legislation. For instance, in Russia there is a special procedure for arranging and conducting audits.  There is a regime for state authorities to liaise with one other when they arrange and hold audits, while the auditors’ powers are listed, as are the rights and obligations of persons being audited.

Nor can it be said that audits always come as a surprise to businesses. As a rule, a company must be notified in advance that an audit will be held.

Information about scheduled audits is made available on the official websites of the auditing state body and the Federal Prosecutor’s Office.

If there is to be a scheduled audit, the company is given notice of this at least 3 business days before the audit begins. Notices about unscheduled audits must generally be sent at least 24 hours in advance. Among the exceptions is if the audit aims to prevent damage, or the threat of damage, to the life and health of individuals.

The general rule is that state authorities may conduct scheduled audits not more than once in three years. There is no limit on the number of unscheduled audits.

Under the law, these may be held only on a restricted set of grounds. Examples include: to check whether a company has complied with a notice served on it requiring it to stop violating the law; to allow complaints to be examined from individuals alleging that their rights have been breached; to investigate warnings from legal entities about natural or man-made emergencies; if the mass media has published details of a threat of damage to life and health of individuals; or if instructions are received from the President and the Government. Unfortunately, these grounds are so broadly defined that it is always possible to find a pretext for an unscheduled audit.

To rule out or cut the risk of that liability will result from the audit, it is important to adhere to some key guidelines.

Specific internal regulations should be developed stating how the company and its employees should act so that state bodies have no cause to hold an audit. It should also state how employees should act during an audit if one is carried out, including a statement of who will liaise with the auditors on the company’s behalf.

These regulations should help the company and its employees avoid breaches of the law, while also serving to protect the rights of the company and its employees during audits.

Companies should, where possible, prevent events that could trigger unscheduled audits, as well as obtaining information about, and preparing for, scheduled audits in advance. After all, forewarned is forearmed!

A checklist of good practice would include: making internal checks of compliance with current legislation; keeping track of legislative developments that affect the company’s activity; monitoring updates on official websites of regulatory bodies; complying with any improvement notices issued by state authorities requiring the company to cure breaches; and being proactive in informing those state authorities that the company has met their requirements.

Most audits involve companies’ documents being checked, so it is important to have to hand any documents that the auditors may require (they often ask for constituent and regulatory documents, permits and technical specifications). These need to be brought into line with legislation and should make clear that the company complies with the law in conducting its business.

Once an audit is underway, it is vital in terms of avoiding the potential downside for representatives of the audited company and the auditors to communicate in as formal a way as possible. It is prudent to make copies and detailed lists of all documents the auditors request and receive, to retain copies of all documents the auditors provide, to supply all explanations in writing (where possible) and to take time over preparing those explanations.

All this should be done in accordance with administrative rules that regulate controlling activities of the state authorities (normally federal authorities and their local units). The rules set procedures and timeframes for audits, and those are binding on state authorities and their officials.

Importantly, if the way an audit is carried out breaches legislation, any evidence obtained will be deemed at odds with the procedure set out in the law. This means there is a right to go to court to appeal decisions and improvement notices issued further to the audit.

Besides, the company may refuse to comply when auditors impose requirements outside the scope of their powers. To do this, the company needs to send to the state authority a written refusal to perform the unlawful requirements, citing grounds.

Moreover, the company has a right of appeal to a higher authority/official, to the prosecutions department or to court against any unlawful requirements, actions, omissions and decisions of state bodies or their officials. An appeal will only succeed if the rights and legal interests of companies have been violated, if obligations were unlawfully imposed on them or if the companies or their employees have been unlawfully held liable.