Regulatory compliance audit

What is Regulatory Compliance Audit?

A regulatory compliance audit is an audit that companies and organizations carry out to validate that their relevant systems and business processes comply with the rules and regulations laid down by the law of the land. Regulatory compliance refers to the departments or systems that public agencies and corporations use to make sure personnel are aware of the related regulations and laws. Regulatory compliance also ensures that personnel comply with and abide by the necessary rules, regulations and laws. In other words, regulatory compliance can be defined as the clearly defined standards, specifications or laws that must be conformed to.

Regulatory Compliance in US

The regulatory compliance audit was developed to avoid financial discrepancies and to make companies more responsible in reporting their financial statements. The most important compliance regulation in the US is the Sarbanes-Oxley Act, which calls for stricter, stronger and tighter compliance regulations for publicly listed companies. The other compliance regulations in the US are HIPAA, FISMA and GLBA. There are many informative compliance frameworks, such as COBIT or NIST, that give guidelines on how to conform to the regulations.

Validation of Information Technology for Regulatory Compliance

Modern organizations use information technology as the main enabler for their business processing. Because of this, companies have to validate and audit their information technology systems to ensure that their underlying records and business processes comply with regulations such as 21 CFR Part 11 (FDA), the Health Insurance Portability and Accountability Act (HIPAA) or the Sarbanes-Oxley Act (SOX) of 2002. The SOX Act of 2000 has helped to take corporate governance, financial accounting and disclosure to great heights. The legislation is aimed at public companies and focuses on maintaining the timeliness, consistency, accuracy and transparency of financial disclosures and results. It calls for improved and effective internal controls and procedures for financial reporting.

COSO and COBIT Framework

Companies can use the COSO and COBIT frameworks to implement and enhance internal controls. COBIT provides an executive summary, a framework, control objectives, IT audit guidelines (or assurance guide), an implementation tool set and management guidelines. COBIT covers 4 domains: planning and organizing; acquiring and implementation; delivery and support; and monitoring and evaluating. The objectives of COSO for internal controls are effectiveness, efficiency, reliability of financial reporting, and compliance with regulations and laws. COSO is mainly useful for management, while COBIT caters specifically to IT users, management and auditors.

Compliance Audit

The auditors will look for two things during the regulatory compliance audit. The first is whether the organization has effective controls for addressing the compliance requirements, and the second is whether the organization is consistently applying the designed controls.

Certain steps help in carrying out the compliance audit process. First is the planning of the audit by the auditor. Second is the audit meeting of the auditor with the organization. Third, both the auditor and the organization gather the data and test the IT controls. Fourth, the organization takes remedial steps for the identified deficiencies. In the fifth step, the auditor and the organization test the remedial controls, followed by analysis and reporting of the results. The organization then responds to the resulting findings, and finally the auditor issues the final audit report.
