Compliance audit is essentially about comprehensively reviewing whether a company is adhering to the regulatory related guidelines or not. IT, security and independent accounting consultants conduct an evaluation of the thoroughness and strength of preparations pertaining to compliance. Auditors conduct a review of the security related policies, procedures pertaining to risk management and user access controls throughout the compliance audit course.
The auditor's objectives in a compliance audit are to:
- Obtain sufficient appropriate audit evidence to form an opinion and report at the level specified in the governmental audit requirement on whether the entity complied in all material respects with the applicable compliance requirements; and
- Identify audit and reporting requirements specified in the governmental audit requirement that are supplementary to GAAS and Government Auditing Standards, if any, and perform procedures to address those requirements.
A compliance audit is based on the premise that management is responsible for the entity's compliance with compliance requirements. Management's responsibility for the entity's compliance with compliance requirements includes the following:
- Identifying the entity's government programs and understanding and complying with the compliance requirements
- Establishing and maintaining effective controls that provide reasonable assurance that the entity administers government programs in compliance with the compliance requirements
- Evaluating and monitoring the entity's compliance with the compliance requirements
- Taking corrective action when instances of noncompliance are identified, including corrective action on audit findings of the compliance audit