It would be entirely self-serving to suggest that investing in an external compliance review is a very good idea so instead I suggest that if you do pay for a report, you really need to make use of the results.
Your consultant should construct a set of actions for you to implement within your business to reduce risk. These may be beyond the basic FCA requirements and there is nothing wrong with challenging assumptions or inaccuracies and agreeing priorities to establish the difference between areas you must address immediately and areas for improvement.
However, once you have been made aware of any shortfalls, it is imperative you do something about them. This could mean working through them in a board meeting, deciding the order for tackling them or discussing which ones you do not believe are relevant for your firm (ideally, in conjunction with your consultant).
One of the more common and least excusable failings is knowing what your problems are and not doing anything about them. It is something the FCA will pick up on quickly and if you have paid for a report, it makes no financial sense not to use it.
Phil Young is managing director at threesixty services