A compliance audit is a systematic review of an organization, which serves to identify its adherence to regulatory guidelines. Once the compliance audit is complete, an audit report is issued which details and evaluates an organization’s security procedures, including its strengths and overall level of compliance preparation, as well as its existing risk management procedures.
There are many types of compliance audits, each one targeting a company based on specific criteria that take into account the organization’s needs and its particular industry. For instance, healthcare providers must adhere to the laws and regulations within the Health Insurance Portability and Accountability Act. Financial service companies that transfer and share customer credit card information are required to adhere to the Payment Card Industry Data Security Standards. Within the confines and parameters of each industry, there are acts, regulations and laws to which companies must adhere.
As he did at every fiscal year end, Mr. Roberts was reviewing the financial records of Burgy, the fast food chain he launched 10 years ago. He became suspicious when the royalty payments he had received from his franchisees over the previous 12 months were not consistent with historical norms.
After Mr. Roberts franchised his fast food chain, he decided to hire a boutique forensic accounting firm to perform yearly compliance audits on the Burgy franchises which operated throughout the country. The key objective was to determine the extent to which the policies and controls were being followed, and to identify methods by which to increase efficiency and reduce operational costs.
The audit scope addressed 4 focus areas:
a) Financial Records, Sales and Receipts
b) License Agreement
c) Statutory Requirements
d) Royalty Computation
Once the compliance audit concluded, Mr. Roberts was able to use the resulting audit report to identify the ratio of compliant to non-compliant processes and transactions (also known as the ‘noncompliance percentage’), thereby uncovering unintentional weaknesses within the compliance program. As a result, Mr. Roberts was able to identify which Burgy franchises were – albeit unintentionally – not paying the correct royalty amounts, based on their annual sales and profits.
Relevant Evidence:
- Financial Records
- Contracts and Agreements
- Discussions with Franchise Owners