What is a compliance audit?

A compliance audit is a process of conducting comprehensive reviews of an organization’s adherence to stipulations of a particular contract or agreement, or the organization’s commitment to a set of guidelines. In the not-for-profit world, compliance audits determine whether the organization met the requirements set forth in a government grant or contract. For example, a compliance audit may be conducted to ensure that an organization is following the terms of a bond indenture, the calculation, and payment of certain royalties, or maybe simply for checking that the organization follows regulatory rules.

The primary purpose of a compliance audit is to determine the overall effectiveness of the organization’s protocols and practices used to monitor compliance. While examining these protocols and practices, the compliance auditor must assess if the item he/she is examining complies with particular established standards. The ratio of noncompliant to compliant transactions becomes the basis for identifying the percentage of an organization’s noncompliance. Eventually, the compliance report depends on the said ratio or error rate.

A compliance audit also uncovers unintentional or intentional irregularities, abuse, deficiencies or weaknesses in the system of internal control over compliance. Compliance programs sometimes become weak and deficient due to the many and constantly changing regulations and standards. Thus, companies must hire compliance auditors to determine if their compliance monitoring programs are still intact. In many instances, compliance audits are stipulated in the grant agreement or contract.

A compliance audit is also quite helpful for organizations to get recommendations for improvements in operating efficiency. There is usually a schedule of findings and recommendations which should describe in detail the criteria being evaluated, the cause of the noncompliance, the potential impact as well as recommendations for improvement. If the noncompliance is related to a government grant, there will also be a schedule of questioned costs included as well.

The 4 Stages of a Compliance Audit Program

A good compliance audit involves four stages. The first stage is planning of the audit. This is the most important step since the plan creates a roadmap for successful completion. A good plan always starts with obtaining an understanding of the entity and its compliance requirements, performing a risk assessment as well as a review of prior compliance audits.

During the planning stage, the audit scope should be clearly defined such as placing emphasis on previous audit findings, new product channels, compliance requirements, and identification of high-risk compliance areas. The auditee must be made to understand the importance of the audit and their compliance with the auditor’s investigation. They should be provided with a client assistance list along with due dates and informed of possible additional requests for information as the process continues.

The second stage is performing compliance procedures. This may include inquiries in the form of questionnaires or interviews with staff and management. The auditor will perform both observation and testing. He or she will perform either statistical of judgmental sampling of transactions in order to determine the level of the organization’s compliance and to document his or her findings.

The third stage involves the preparation of the compliance audit report. Once the audit is finished, the auditor must form an opinion as to the auditee’s compliance. There is no particular format, except that the report must be consistent with generally accepted auditing standards or generally accepted governmental auditing standards, whichever is applicable. At a minimum, the report must contain a statement regarding the scope of the audit, the applicable compliance standards being audited, management’s responsibility, the auditor’s responsibility as well as an opinion. The report should also include a schedule of findings along with the identification of deficiencies, and most importantly, recommended corrective actions and appropriate management responses.

Finally, the fourth stage is known as resolution. In the event that the auditors uncover issues, then these issues need to be resolved. The auditors should follow up to ensure that corrective actions have been implemented. In many cases, the auditee may need assistance with the corrective action plan and its implementation. As a result, there may be an opportunity for the auditor to add value by providing valuable assistance to the auditee.