:
Internal Audit Guideline No. 12 – Compliance Auditing
Definition
Compliance auditing is a recognized and established audit practice wherein activities are conducted by internal auditors to monitor and assess the efficiency, reliability and effectiveness of a company’s compliance with both internal control policies, governing laws and regulations.
Objectives
The primary objective of a compliance audit is to evaluate the effectiveness of the control environment and to identify weaknesses in order to ensure that all applicable laws, regulations and standards are met. Secondary objectives may include the assessment of sufficient alignment of monitoring activities, processes and procedures as well as communication policies and procedures.
Scope
The scope of a compliance audit typically involves the review of internal control policies and procedures, legal and regulatory documents, risk management activities, and any changes in relevant laws and regulations. An added scope may include an evaluation of financial and operational areas such as purchasing, accounts payable and receivable, payroll, billing and collections.
Approach
The approach of a compliance audit consists of five steps:
1. Plan and Prepare: This step involves initiating the audit by creating an audit team and preparing the audit strategy and work plan.
2. Detailed Audit Preparation: This step involves gathering appropriate data, testing risk management activities and performing detailed analysis.
3. On-site Audit: This step involves assessing internal control processes, evaluating compliance and identifying potential areas of improvement.
4. Report and Follow-up: This step involves documenting findings and recommendations, preparing formal audit reports and monitoring follow-up actions.
5. Finalize Audit Files: This step involves finalizing all audit files, communicating results and closing out the audit process.
Process
The process of a compliance audit usually follows a standard audit approach that includes the following steps:
1. Initiate the Audit: This is the starting point of the audit. At this stage, the purpose of the audit is determined, the resources needed are identified, audit team is formed and the initial audit plan is created.
2.Analyze the Internal Control Environment: This step involves analyzing the internal control environment and assessing the assurance that the control environment provides or would provide for reliable and effective operations.
3.Collect and Analyze Documentation: This step involves the collection of applicable documentations necessary for a detailed analysis of the needed areas.
4.Conduct Tests of Compliance: This step involves assessing compliance with policies and procedures, laws, regulations and standards.
5.Identify Audit Findings and Recommendations: This step involves identifying weaknesses in the internal control environment and suggesting improvement options.
6. Prepare Final Audit Report: This final step involves the preparation of the audit report detailing the results and recommendations.
Conclusion
Compliance auditing is an important practice for companies as it ensures compliance with relevant laws, regulations and standards. It enables management to have peace of mind that their operating policies are sufficient and reliable in safeguarding their operations from any unwanted risks or losses. Furthermore, it allows for early problem Identification and makes it easier to issue timely corrective measures.
