A compliance audit is the review of business functions to determine whether or not a company is meeting specific contractual, regulatory or predetermined requirements. Compliance audits can review a company’s employees or departments. Larger organizations use compliance audits to conduct internal reviews that measure how well each department operates according to standard operating procedures. Contractual and regulatory compliance audits review how well a company follows written agreements or meets third-party guidelines. Each compliance audit follows a few universal procedures.
Compliance audits begin when auditors meet with company management. External auditors are usually responsible for conducting compliance audits. Auditors will discuss with management the type of compliance audit and which business functions specifically need reviewing. The scope of the audit is another issue to discuss. Auditors and company management will determine the information sample size or number of functions to review. Any appropriate manuals, contracts or other paperwork to review during the compliance audit are also discussed during this meeting.
Auditors will review each employee’s performance to determine the level of individual compliance. Employees are responsible for completing business functions in accordance with company standards and contractual or regulatory requirements. Auditors may also review the availability of operational managers who oversee employees. A lack of oversight can indicate employees have free rein to complete business functions regardless of standard operating procedures or contractual obligations. Auditors will make notes regarding employee performance, especially any violations of contractual, regulatory or company standards.
Individual department reviews are another procedure in compliance audits. Auditors commonly review operational or financial paperwork from each business department. This information provides auditors with a quantitative analysis of the department’s performance. A department audit is usually where the information sample size comes into play. Auditors review the specific information sample discussed in the management meeting. Auditors ensure the information is compliant and in accordance with operating standards or contractual agreements. If too many violations exist in the department’s initial paperwork sample, auditors usually pull a second sample of information. Additional violations may result in the department being out of compliance.
Auditors will have a final meeting with company management upon completing the compliance audit. Auditors will discuss the audit results and which significant violations were found. Company management can dispute the findings or provide additional insight into the employee or department performance. Auditors will issue a final report at the end of this meeting. The report will outline the violations found during the audit and how well the company maintains standards or contractual agreements. Outside organizations or regulatory agencies may require a copy of the auditor’s official report. Auditor reports can give a positive or negative opinion on the company’s compliance with contractual agreements.