Compliance

Today's organizations face greater regulatory scrutiny than ever before due to the proliferation of laws and regulations in number and complexity as well as increased regulatory oversight and audit activity. Because of the heightened risks associated with noncompliance, executive management and boards are under increased scrutiny — not only from regulators, but also from customers, clients, stockholders, and business partners — to ensure internal controls are in place to address compliance with laws and regulations and thus minimizing or mitigating legal, reputational, or financial risks.

As part of their overall risk assessment, internal auditors should assess compliance risk and incorporate compliance auditing into their audit plans. One approach to auditing regulatory compliance is to test adherence to various regulations during each audit as it is conducted. Although this approach effectively assesses adherence to specific regulations, it does not provide executive management or the board with an enterprise-wide view of the organization's compliance infrastructure. A better approach is to conduct a comprehensive entity-level audit of the organization's compliance program by auditing compliance activities, identifying gaps, and recommending ways to improve efficiencies and make compliance activities more effective.