By OptioWPAdmin
November 21, 2019

Auditing Third Party Collection Agencies

Auditing third party collection agencies is standard procedure among corporate clients in today’s business world. The reason for conducting audits is simple. Clients want to confirm that agencies are protecting their interest with compliant practices and efficient collection efforts that result in a favorable return on investment, brand protection, and customer retention.

Auditing third party collection agencies entails reviewing hundreds of agency procedures, practices and certifications, but most fall within the following six major categories:

  • Security
  • Compliance
  • Training
  • Business Practices and Continuity
  • Reporting
  • Operations


Agencies that implement comprehensive security plans are able to protect clients from data breaches. These security plans include the protection of consumer data, internal and external networks, external communications, call center access, policies and more.

data security auditData security includes network bandwidth (internal and external) and data center security. The auditor will examine data transmission protocol, including e-mail accessibility, website accessibility, and removable media. Collectors e-mail usage, including the ability to send anything externally with 10- or 16-digit numbers, will also be checked. Collectors should not be able to access social media sites that allow sharing.

Payment processing procedure also falls in the security category. The auditor will examine payment policies and procedures, including proof of dual custody in mail processing, posting, and bank deposits.

The payment processing room should have cameras, a safe, and adequate security safeguards.

Other areas of study will include proof of balancing to deposits, bank reconciliation, the escheatment process, and proof of acceptable payment methods.

Security also covers staffing considerations, with such items as the work from home policy, the ratio of supervisors to employees, and background checks. There should be a log of corrective action where it applies as well as incident response and procedure for employee fraud.

An important part of this is the Clean Desk Policy. This protects confidential, personal, or sensitive information belonging to the agency clients and consumers. It restricts the use of paper, electronic, and spoken word while collectors are at their workstations. It also stipulates what can and cannot be at the workstation – no writing device or medium (other than erasable whiteboards that are wiped clean after every call), any device capable of capturing an image or data, and personal belongings are prohibited.  Regular inspections are held to ensure compliance.


Auditing compliance is important to clients that are performing a call center audit because it ensures they are receiving a favorable return on investment, protection for their brand, and customer retention.

Auditing also helps promote a culture of responsibility and a sense of respect among collectors for consumers and their personal information. It helps to maintain an organized, efficient environment at the workstation and throughout the call center.

Auditors look at incidence response and the related planning, testing, and training to meet compliance objectives. Specific areas for testing include policies and procedures around skip tracing, the Telephone Consumer Protection Act (including compliance with dialing restrictions), bankruptcy, deceased debtors, litigious debtors, closed accounts, complaint handling, dispute resolution, the Servicemembers Civil Relief Act, regulatory complaints, and the Red Flags Rule.

The Red Flags Rule requires that many businesses and organizations implement a written identity theft prevention program, designed to detect flags of identity theft of their operations, and take steps to prevent crime and mitigate its damages. It is enforced by the Federal Trade Commission and other Federal agencies.

There is also a compliance program for outside vendors, which would include special emphasis on oversight of vendor-specific procedures.

Of course, there will be a quality assurance (QA) and call monitoring audit. This will include a sample scorecard, proof of monitoring with sampling, and compliance tickets. Quality assurance representatives monitor and audit phone calls of the collections department to perform quality assurance review and call scoring. In addition, they perform independent review, scoring, and write-ups, and draft summaries for compliance department personnel.

auditing third party collection agencies


In order to do their jobs, employees need to understand and apply complex and changing federal regulations and client communication and confidentiality requirements. As a result, training is a constant, not just a once a month check-off box. Compliance training should be rigorous about keeping records for training schedules, samples, proof for initial training, monthly training, annual training, ad hoc training, quality assurance training, federal regulation training, security training, and coaching. Clients have to have absolute confidence that their customers are being treated correctly and not being antagonized, and consequently that their brand is being protected from negative comments in the marketplace or social media.

Business Practices and Continuity

This component of auditing third-party collection agencies concerns functional areas including network administration, business continuity and disaster recovery. There should be specific procedures for change management and control and record retention.

This even covers utilities, such as uninterrupted power supply and the use of generators to maintain power. There should be testing logs for risers and for fire extinguishers.

Two other areas are insurance and licensing. There must be proof of adequate insurance, and copies should be available for all required state licenses and bonding.


Auditing agency reports is highly important to their clients.

Only an impartial third party audit can provide the safety and certainty that management and employees are working from the same playbook, and that the work is done to the letter of the law, from a regulatory and compliance standpoint.  There are standard and customized reports that address documentation, transparency, and accountability.  Standard reports document bankruptcies, and monitor call and letter campaign logs, for example.  Custom reports analyze the effectiveness of agency operations, such as the performance of individuals and teams, and dialer efficiency and conversion rates.  Other types of reports include the following:

  • Account inventory
  • Account updating
  • Account exception reporting
  • Cloud reporting
  • Key performance indicator reporting
  • Dialer activity
  • Collector activity
  • Pool performance


Operations is a critical component of auditing third-party collection agencies. Operations auditing focuses on collection notices, with samples observed of all approved notices, mail returns, notices in envelopes, and approved backers. The audits examine the actual scripts, both inbound and outbound, to ensure that the verification process has been completed and the required disclosures have been given. There will be an examination of scripts in Spanish and Spanish language communication.

Additionally, the audit will review a wide range of documents. These include organizational charts, management summaries, and an organizational overview. Further down, there will be a review of job descriptions, HR policies, internal management audits, a vulnerability management overview, and a technology plan.

Summary of Auditing Third Party Collection Agencies

In summary, auditing third-party collection agencies is a particularly complex and comprehensive process, which goes way beyond a typical financial audit of an income statement and balance sheet.

As a result of audits and certifications, Optio Solutions can demonstrate that it is a trusted and customer-centric firm, whose internal processes and controls have been tested for business and regulatory compliance at the highest level. Compliance with federal, state, and industry regulatory standards and requirements is tightly integrated into the company culture at Optio Solutions.

Optio delivers a consistent return on investment, brand protection and customer retention for its clients.

Contact us today if your firm is considering hiring a debt collection agency or replacing an existing one.

Share on:

More news