An overview of Compliance Audit

Prabhat Nigam

09 Mar, 2022

A compliance Audit, simply put together, is a tool of compliance which is utilized by both the internal and external auditors for the assessment and verification of an organization’s adherence to the applicable laws and relevant rules and regulations imposed by the concerned authority over the organization.

What is Compliance Audit?

A number of bodies have tried to define Compliance audit:

ISSAI 4100 defines compliance audit in the following manner:

Compliance Audit checks the degree to which the audited entity follows rules and regulations, laws, policies, established codes, or agreed upon terms and conditions etc. This Audit covers a range of subject matters.

Another attempt has been made in CAG’s Regulations^[1] on Audit and Accounts, 2007 to define compliance audit in the following manner:

Compliance Audit is an assessment of an entity whether it is in compliance with the provisions of the Constitution of India, relevant laws, applicable rules and regulations made there under and various other rules and regulations that are issued by the competent authority from time to time.  

Objective of Compliance Audit

The objective of audit is to enable the auditors to assess whether the activities carried out by the audited entity is in accordance with the rules, regulations and laws laid down by the authorities governing the audited entity. It checks whether the activities, financial statements and transactions and the information given is in accordance with the applicable laws of the concerned authorities. It is actually an audit of regularity and propriety.

• Regularity refers to the fact that the concerned audit is adheres to the formal criteria delineated in the applicable laws and relevant rules and regulations and also those agreements applicable to the auditable entity.
• Propriety that the principles of sound financial management and ethical conduct have been adhered to and legality and competence are also ensured.

The scope of this audit is not restricted to assessment of applicable rules, regulations, laws but also to every matter which according to the auditor seems to be involve extravagant, unnecessary, excessive and wasteful expenditure of money and resources despite having complied with all the laws, rules and regulations prescribed by the relevant authorities.

Methodology of Compliance Audit

• Auditor needs to maintain Audit Checklist (CAC): This checklist delineates the laws which are applicable to the audited entity.
• Auditor visits the location of audited entity: The visit of auditor at the location of the audited entity is important for the verification of the documents such as files, registers etc.
• Auditor prepares a draft report based upon the findings of the audit team
• Based on the findings of the draft report a review meeting is done with the unit head/work directors of the audited entity and inputs are also taken from the Unit Head and HOD of relevant department in working papers
• Preparation of Final Audit Report takes place consisting of the following:

A summary of the non-compliances of the audited entity

1. The compliance status is checked of the register’s list
2. Comparison is also done with the previous reports in order to identify which of the long standing issues have not been resolved

• Auditor draws a list of Non-Compliance: Once the non-compliance report is prepared according to the findings of the audit team, the report of all non-compliances is submitted to the Company’s Board of Directors or the Compliance Head of the audited entity.
• Auditor has to follow up with audited entity to assess the actions taken on the report submitted

What does Compliance Audit checklist (CAC) include?

• CAC is divided into four main parts:

1. List of Notices, Returns, Abstracts, Registers
2. Acts related to Labour Laws and related regulations
3. Environment Laws
4. Laws related to taxation

• It must be remembered that CAC only acts as a guideline and not as exhaustive limit for the audit team
• CAC is prepared after verification of actual documents and not only from the feedback derived from the auditee. Copies of key documents are also retained in the working papers

Impact of non-compliance of Compliance Audit Checklist

• The report also highlights the impact and criticality of the non-compliance identified in report for each item reported
• A general penalty is imposed for non-compliance of the provisions
• Criticality of the non-compliance is also reported where the non-compliance is critical, serious, minor or technical.

Deliverables in Compliance Audit

• A report delineating the level of non-compliances by the audited entity
• Risks associated entity
• Audit rating for improvement during future audits

Benefits of Compliance Audit

Following are some of the benefits of having the audit done from independent auditors:

• Maintaining In house Legal/Compliance team may not be economically feasible for many organisations
• The organisation may suffer because of the high employee attrition rate leaving huge gaps in the organisation
• Places where such in house teams are present, they are usually caught with some or the other urgent matter and may not be able to do justice to the task of audit
• The external independent auditors will give an independent and fair report

Possible Challenges/Obstacles to Compliance Audit

A number of challenges can prop up in successful execution of audit:

• The fear of auditing may result in non-cooperative attitude of the employees
• The culprit employees may indulge in manipulation of records and concealment of facts
• The organisation may fear breach of confidentiality of data
• The organisation may commit in non-compliances between audit periods

Conclusion

From the above discussion, the importance and necessity of compliance audit can be clearly concluded. Every organisation must engage auditors to conduct the audit to avoid any kind of non-compliance which may pose problems in the future such as penalties, suspension of business etc. Therefore, it is recommended that independent auditors should be appointed for fair and independent compliance audit.