THE COMPLIANCE AUDIT PROCESS

Doing a Compliance Audit, a stepwise approach is required. First the compliance auditor needs to have a clear knowledge of audit’s objective and scope. Accordingly he decides the time to be devoted in the compliance audit. Before beginning a particular compliance audit, the auditor must gain thorough understanding of applicable rules, guidelines and procedures to be evaluated. He should decide how to recognize when a deviation has occurred, and how to evaluate evidence obtained through audit tests.

The auditor must figure out, for each event to be tested, just what evidence signifies compliance and what evidence signifies noncompliance. The auditor may also prepare a detailed questionnaire about key compliance issues.

Assessing compliance may be simple, requiring a brief inspection to find out whether rules were followed or not however in some cases making a judgment may require extensive research of regulatory requirements, interpretations, and technical materials. If the auditor is not sufficiently experienced in very specialized compliance topics then the opinions of an expert should be sought.

The auditor may choose a sample of events or transactions for testing when it is not practical to examine every
one that falls within the scope of the audit.

Compliance audit reports must be made in the format that is relevant to the auditee or sponsoring entity i.e.
government. Reports usually describe the objectives of the compliance audit, the number of conditions examined during the time period considered, the frequency of events conforming to conditions, and the number of exceptions. When a statistical sample of events has been tested and required assumptions are appropriate, results from the sample may be used to predict the level of compliance for all events or transactions within the scope of the audit. Compliance audit reports often indicate reasons for deviations from standards, describe implications of those deviations, and recommend actions that strengthen control procedures for assuring compliance.