A compliance audit also reviews whether an entity complies with internal rules, regulations, policies, decisions, and procedures.
An entity is required to comply with the local law and regulations or will face penalties or fines. Some fine is only for a certain monetary amount and some fine requires a close operation.
Types of compliance review:
In general, the compliance audit performs its audit against certain requirements as follows:
1) Local law and regulation:
The entity need to make sure that they are operating in compliance with the law, and related law. To ensure this businesses might need to set up proper business procedures and processes. Or sometimes, they might need a legal consultant to have their decision advised.
The entity sometimes sets the legal department to review certain significant processes. It wants to make sure that the penalty is minimized and the right procedure that complies with the law is in place.
Along with this, the entity might need its internal audit department to have its review the compliance section with local law requirements.
The internal auditor might need to assess the significant procedures and processes, as well as certain official documentation.
2) Business-related regulation and framework:
Besides reviewing against local law and regulation, compliance auditors might need also to review compliance with related regulations and frameworks.
For example, if the corporation is listed on the stock exchange outside the country that they are operating. Then they need to make sure that the entity complies with the requirement of that stock exchange requirement.
The compliance auditor also needs to review these areas by checking whether the related entity’s current practices follow the requirement.
If not complying with, the compliance auditor needs to discuss with related departments as well as chief executive the findings found, as well as the recommendation that makes by the auditor.
All the findings need to report to the audit committee and the board of directors for their action.
3) Entity’s policy, procedure, and processes:
The compliance auditor also performs its audit again the entity’s internal policy, procedure, and processes. Those internal policies and procedures are very important to the entity for sustainable growth.
Failure to comply with the internal policy and procedure might lead to a waste of time and resources. Serious in-compliance could lead to serious fraud.
Compliance audits are sometimes performed by the compliance officer and sometime performed by internal auditors.
The big company has compliance departments that work separately from internal audit departments.
Who is normally perform a compliance audit?
A compliance audit is normally conducted by the internal auditor and sometime services could be offered by external auditors.
Sometimes internal audit department leaks resources or leaks competency to provide the services. In such a case, the entity might need to seek services from an external firm to provide the services.
Internal audit is the independence department and works under the direct supervision of the audit committee.
The compliance audit report is communicated to the related department or division, CEO, and CFO. The reporting result is direct to the board of directors and the audit committee.
For the big corporations, compliance officers are the one that enforces each unit, department, or division to comply with the required procedures, policy, regulations, and laws.
The compliance officer is also the one who performed a compliance audit sometime.
Written by Sinra