Compliance audit: Definition, Type, Process, Procedure, Example


A compliance audit is a type of audit service whose procedures focus mainly on whether the entity is complying with local laws, regulations, and related rules.

A compliance audit also reviews whether an entity is complying with internal rules, regulations, policies, decisions, and procedures.

An entity is required to comply with local laws and regulations, or it will face penalties or fines. Some fines are only for a certain monetary amount, and some require the entity to close its operation.

Types of compliance review:

In general, a compliance audit is performed against certain requirements, as follows:

1) Local law and regulation:

The entity needs to make sure that it is operating in compliance with the law and related laws. To ensure this, the business might need to set up proper business procedures and processes. Sometimes it might also need a legal consultant to advise on its decisions.

An entity sometimes sets up a legal department to review certain significant processes. It wants to make sure that penalties are minimized and that the right procedures, which comply with the law, are in place.

Along with this, the entity might need its internal audit department to review compliance with local law requirements.

The internal auditor might need to assess the significant procedures and processes, as well as certain official documentation.

Besides reviewing against local laws and regulations, compliance auditors might also need to review compliance with related regulations and frameworks.

For example, if the corporation is listed on a stock exchange outside the country in which it operates, then it needs to make sure that the entity complies with the requirements of that stock exchange.

The compliance auditor also needs to review these areas by checking whether the related entity’s current practices follow the requirement.

If the entity is not complying, the compliance auditor needs to discuss the findings, as well as the auditor's recommendations, with the related departments and the chief executive.

All findings need to be reported to the audit committee and the board of directors for their action.

3) Entity’s policy, procedure, and processes:

The compliance auditor also performs its audit against the entity’s internal policies, procedures, and processes. Those internal policies and procedures are very important to the entity for sustainable growth.

Failure to comply with internal policies and procedures might lead to a waste of time and resources. Serious non-compliance could lead to serious fraud.

Compliance audits are sometimes performed by the compliance officer and sometimes by internal auditors.

Big companies have compliance departments that work separately from internal audit departments.

Who normally performs a compliance audit?

A compliance audit is normally conducted by the internal auditor, and sometimes the service is offered by external auditors.

Sometimes the internal audit department lacks the resources or the competency to provide the service. In such a case, the entity might need to seek the service from an external firm.

Internal audit is an independent department and works under the direct supervision of the audit committee.

The compliance audit report is communicated to the related department or division, the CEO, and the CFO. The results are reported directly to the board of directors and the audit committee.

In big corporations, compliance officers are the ones who enforce compliance by each unit, department, or division with the required procedures, policies, regulations, and laws.

The compliance officer is also sometimes the one who performs a compliance audit.

Written by Sinra