Compliance Audit

Businesses are subject to a multitude of laws, contractual obligations and internal provisions. Ensuring compliance with these regulations requires an adequate compliance management system as an inherent part of the company's risk management.

The Internal Audit function is responsible for assessing the regularity and effectiveness of the compliance organisation. In its role as an independent assessor, it audits a company's departments for compliant behaviour. During a compliance audit, different compliance areas are defined which are analysed with respect to the level of implementation of the compliance organisation in the particular business divisions and operative processes. This is achieved mainly by random checks.

The aim is to identify compliance risks and to uncover compliance violations at an early stage. Thus, compliance audits also act as preventive measures by deterring potential perpetrators . Ultimately, a compliance audit can help integrating new business units.

The standard IDW PS 980, which has been issued in March 2011 by the Institut der Wirtschaftsprüfer (IDW) (German Institute of Auditors), provides a basic set of rules for the assessment of a compliance management system (CMS). Obviously, this standard is limited to general statements concerning the basic elements of a CMS and its assessment - usually through independent experts. On a normal day-by-day-basis, the assessment of the effectiveness of the compliance organisation will often remain a responsibility of Internal Audit. To some extent, it can rely on the IIR revision standard  Nr. 2 which has been issued by the Deutsches Institut für Interne Revision (DIIR) (German Institute for Internal Revision). Most importantly however: A compliance audit requires comprehensive legal expertise.