An internal auditor conducts a compliance test to ensure that a company's procedures or mechanisms adhere to regulatory requirements, industry practices or corporate policies and function as intended. An audit compliance test may cover operational risks, technology systems, financial controls or regulatory guidelines. An external consultant may often help establish adequate testing procedures.
An internal audit compliance test ensures that employees abide by corporate policies and regulatory requirements in a company's operations. A compliance initiative also evaluates corporate internal "controls" and ensures that they are "effective" and "adequate." (A "control" is a set of instructions that senior management establishes to prevent losses due to error or technology malfunction.) An "effective" control provides corrections to internal problems. An "adequate" control clearly lists steps for job performance and decision-making.
An internal auditor conducting compliance tests usually has a bachelor's degree in accounting, audit or tax. An auditor may also have a master's degree in a business field or in liberal arts. A compliance reviewer may also hold a certified public accountant (CPA), certified internal auditor (CIA) or certified fraud examiner (CFE) designation. An employee holding a higher academic degree or a professional license has more career growth opportunities.
An internal audit compliance test may cover four areas—operations, regulation, information systems and financial reporting. An operational compliance test ensures that a company's activities adhere to top management's recommendations and human resources policies. A regulatory review indicates whether a company's employees and activities abide by governmental requirements and regulatory guidelines. A technology audit assesses a firm's information systems and detects potential breakdowns. A financial compliance audit ensures that accounting and reporting mechanisms function effectively and adequately.
An internal audit department may occasionally seek outside expertise in improving evaluation processes and review steps. A public accounting firm or a business consulting group can provide such expertise. For example, the internal audit supervisor at a Texas-based oil refinery might hire a geologist or a U.S. Environmental Protection Agency (EPA) expert to advise on tools and techniques to use in assessing the company's compliance with environmental laws and drilling regulations.
Professional rules or regulatory guidelines do not require an internal auditor who performs compliance tests to hold a professional certification, even though most experienced internal auditors hold at least one designation. A company's top management is not required to publish internal audit reports (to regulators or investors), as these documents only help corporate decision-makers evaluate an organization's "risk profile" and operating functions. A "risk profile" indicates the "high," "medium" and "low" risk areas within a company ("high," "medium" and "low" indicating potential losses).