A compliance audit is a systematic review of an organization, which serves to identify its adherence to regulatory guidelines. Once the compliance audit is complete, an audit report is issued which details and evaluates an organization’s security procedures, including its strengths and overall level of compliance preparation, as well as its existing risk management procedures.

There are many types of compliance audits, each one targeting a company based on specific criteria that take into account the organization’s needs, and its particular industry. For instance, healthcare providers must adhere to the laws and regulations within the Health Insurance Portability and Accountability Act. Financial service companies that transfer and share customer credit card information are required to adhere to the Payment Card Industry Data Security Standards. Within the confines and parameters of each industry, there are acts, regulations and laws to which companies must adhere.


Internal and External Compliance Audits

nagel + associates understands the complexities and procedures surrounding compliance audits. The objective of conducting a compliance audit is to assess the effectiveness of the organization’s compliance practices and protocols, and to determine whether they comply with the established standards of the industry to which they belong.

Compliance audits expose weaknesses and deficiencies within an organization’s compliance program. There are two types of errors that can occur within each organization: unintentional errors and intentional errors. While the majority of frauds occur as a result of the latter, fraudsters often possess the ability to detect vulnerabilities within the internal controls through unintentional errors that are neither caught nor addressed by management.

Rather than conducting an overall review of their entire internal fraud framework, a multitude of organizations have retained and expressed satisfaction with the ability of nagel + associates to establish safety, security and peace of mind. Often, their anxieties are born out of a concern related to specific areas within their organization, and may indicate that senior management has an overall sense of uneasiness regarding established internal controls or errors that have been detected, which would suggest that the organization is vulnerable to manipulation.

Typical Procedures:

  • Cradle-to-grave review of internal controls within a specific accounting cycle
  • Review of policies and procedures
  • Review of process mapping
  • Review of internal control procedures and testing apparatus
  • Review of audit reporting to management
  • Inquiries of key management and staff
  • Review of internal control mapping
  • Employee surveys

As at every fiscal year end, Mr. Roberts was reviewing the financial records of Burgy, the fast food chain he launched 10 years ago. He became suspicious when the royalty payments he had received from his franchisees over the previous 12 months were not consistent with historical norms.

After Mr. Roberts franchised his fast food chain, he decided to hire a boutique forensic accounting firm to perform yearly compliance audits on the Burgy franchises which operated throughout the country. The key objective was to determine the extent to which the policies and controls were being followed, identifying methods by which to increase efficiency and reduce operational costs.

The audit scope addressed 4 focus areas:
a) Financial Records, Sales and Receipts
b) License Agreement
c) Statutory Requirements
d) Royalty Computation

Once the compliance audit concluded, Mr. Roberts was able to use the audit report which followed as a means to identify the ratio of compliant to non-compliant processes and transactions (also known as the ‘noncompliance percentage’), thereby rooting out and uncovering unintentional weaknesses within the compliance program. As a result, Mr. Roberts was able to successfully identify which Burgy franchises were – albeit unintentionally – not paying the correct royalty amounts, based on their annual sales and profits.

Relevant Evidence:

  • Financial Records
  • Contracts and Agreements
  • Discussions with Franchise Owners

To determine whether your organization may be susceptible to fraud, take the following brief survey: