SAJIVE ASSOCIATES
CHARTERED ACCOUNTANTS
COMPLIANCE AUDIT
A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliance preparations. Auditors review security polices, user access controls and risk management procedures over the course of a compliance audit.
What, precisely, is examined in a compliance audit will vary depending upon whether an organization is a public or private company, what kind of data it handles and if it transmits or stores sensitive financial data. For instance, SOXrequirements mean that any electronic communication must be backed up and secured with reasonable disaster recovery infrastructure. Healthcare providers that store or transmit e-health records, like personal health information, are subject to HIPAA requirements. Financial services companies that transmit credit card data are subject to PCI DSS requirements. In each case, the organization must be able to demonstrate compliance by producing an audit trail, often generated by data from event log management software.
IMPORTANCE OF COMPLIANCE AUDIT
Laws, requirements, guidelines, and regulations are prone to change. Much like everything else in life as it turns out. As these rules change, companies need to adapt their compliances to match or risk losing accreditations and their ability to do business. These rules and regulations are in place to protect consumers and the industries that service them. Ensuring that all providers offer the same standard, both legally and covering all necessary parameters. Failure to comply can lead to all sorts of trouble, including fines and, in the worst case, shutdowns.
WHAT IS INVOLVED IN COMPLIANCE AUDIT
Depending on the type of company or organization, different approaches to a compliance audit can be taken. In most cases, a specially trained auditor is assigned to work through a checklist, thus ensuring that all requirements are met and nothing falls short of regulation. For Financial Institutions and Service providers, the audit tends to include information about the security of personal information, disaster recovery, or and information backup. For medical facilities, compliance auditing might require similar points of information while IT consultancies are often subject to queries about processes, data storage, and protection.
Requirements and regulations will differ from country to country and industry to industry. Many governments put compliance requirements in place to protect both industries and their consumers.
In short, the auditor’s report provides determines whether or not the company or organization is in compliance with the applicable rules.
