As California regulators continue to implement the state’s complex system, we are seeing the first real regulatory audits of cannabis businesses.
With that in mind, the hard-working folks over at Simplifya are launching a new initiative to help California cannabis businesses (and their brethren across the country) prepare for – and handle – regulatory audits. Starting today, all Simplifya accounts, even our FREE trial accounts, include standard operating procedures (“SOPs”) specifically designed to help cannabis businesses ace regulatory audits!
Preparing for Regulators
Minimizing the risk of issues arising during a regulatory audit is all about preparation. Like taking a test, an audit can be a very stressful experience but, at the end of the day, everything will be fine if you’re prepared. This means:
- Establishing good standard operating procedures;
- Training your staff on those procedures; and
- Maintaining a compliant facility.
Standard Operating Procedures
As with everything in a cannabis business, successfully navigating audits starts with having good standard operating procedures. Management should set forth clear expectations about preparing for an audit and handling an audit once the regulators arrive. This should entail more than just a basic expectation that folks handle their day-to-day duties in a compliant manner. It’s a good idea to require internal checks and third-party audits.
The SOPs should also address counterintuitive situations, such as when to call an owner. We’ve seen many situations over the years when a manager calls an owner immediately when regulators arrive, and the owner comes racing down to the facility. While it might seem like a good idea to have the owner show up to help facilitate the audit, it makes the investigator think the business has something to hide. Otherwise, why would an owner show up in the middle of an audit?
Training your staff
Comprehensive and brilliant SOPs won’t do a business any good unless the staff is properly trained to follow them. Staff needs to be provided clear procedures to review and understand. Ideally, staff should also be provided a tool to manage, follow, and show execution of those procedures via software (like Simplifya!). Management should be responsible for making sure the entire staff at the facility is prepared for an audit, including minor details like knowing who should escort the regulators through the facility and where all required documents are stored.
In addition to training, it’s important to test your team to make sure they are following through on those SOPs and their training. As we like to say, “Knowing the rules is the easy part (at least by comparison); the hard part is doing it right every day you come to work.” Self-audits and third-party audits are the way to test your team’s compliance knowledge and identify areas where improvement is required. Best of all, Simplifya facilitates those audits and helps you hold your team accountable for resolving any areas of non-compliance.
The Big Day
It’s the big day! The day you’ve been preparing for all this time. Not your wedding, but the day the regulators arrive to check up on, or even investigate, your business for compliance issues. This is the day all that hard work and training comes into play and you need your team to be at its best. Your team should follow the Simplifya SOPs or your internal SOPs, ensuring that the appropriate staff member escorts the regulator through the facility, responds to questions as needed, and provides any requested documentation.
In addition to our SOPs, we’ve got a few tips to help you minimize your risk:
Regulators aren’t your friends
Regulatory audits should be treated as if you were pulled over for speeding. Be polite, be respectful, be cautious. At the end of the day, a regulatory auditor is a member of law enforcement and is hunting for mistakes. A common law enforcement technique is to befriend the subject and get them to let their guard down. It’s no different with a regulatory auditor. Don’t fall prey to this trap; instead, answer their questions clearly, but don’t offer up any additional information.
Antenna down / out-the-door
Auditors are essentially going on a fishing expedition to find compliance violations in your business. If they think they have a big fish on the line, then they will dig in and fight to find a violation. If they don’t think your business is loaded with “fish,” then they are more likely to move along.
This means being able to answer their questions quickly and provide requested documents promptly. The more your staff fumbles and mumbles, the more likely the auditor is to think that they will find something. Instead, show the auditor through your actions that your business is on top of its compliance game. Their antenna will go down and they’ll be out the door.
Regulators are people too
Just like the rest of us, regulators have good days and bad days. Sometimes their kids are driving them crazy, their in-laws are visiting, or they got into an argument with their significant other the night before.
No matter what happens, your staff should always be respectful and courteous. Don’t argue, especially about assertions of non-compliance. It never helps to challenge their authority on the spot. Instead, take clear notes and say, “We’ll look into fixing that.” Later, call the owner, who should contact an attorney to confirm or dispute the assertion.