Which function is NOT a primary compliance function?

Establishing the audit plan is not considered a primary compliance function because it typically falls under the internal audit department's responsibilities rather than the compliance department. The main role of compliance is to ensure that the organization adheres to laws, regulations, and internal policies, while internal audit focuses on evaluating the effectiveness of risk management, control, and governance processes.

Providing advice and guidance, performing monitoring and surveillance, and facilitating regulatory examinations are core activities of compliance. These functions are essential for ensuring that the organization remains in line with applicable laws and regulations, identifying potential compliance risks, and supporting regulatory bodies during their examinations. Thus, these activities directly align with the objectives of a compliance program, while establishing the audit plan is more oriented towards internal assessments and oversight of all operations, not solely focused on compliance.