Compliance Audit
Generally speaking, conducting a compliance audit is the comprehensive review of an organization’s adherence to established practices, bylaws, and/or regulations governing an entity’s operation.[1] A team of experts charged with conducting a compliance audit usually includes independent investigators, lawyers, accountants, security consultants and/or IT engineers. Worried about legislation and/or regulations impacting an organization’s ability to operate, asked about an issue, an auditing team will look for information and documentation so managers can make good decisions, certify documents and/or make statements clarifying an entity’s position.
Conducting a compliance audit, investigators will frequently be tasked to review security strategies, evaluate monetary controls, scrutinize environmental policies, examine local ordinances, analyze federal and/or state laws, question user access and/or dissect policies associated with risk management. What, precisely, is examined conducting a compliance audit, usually depends on whether an organization is a public or private entity, the kind of data it handles, and whether it stores or transmits financial or sensitive information.
As an example, passing Sarbanes-Oxley Act [SOA] in 2002, Congress mandated regulations stating electronic communications must be backed up and secured using a disaster recovery plan. Likewise, healthcare providers who transmit/store patient data and/or other sensitive information must comport with regulations established by the Health Insurance Portability and Accountability Act of 1996 [HIPAA]. And financial services companies transmitting credit card information can only transmit data in accordance with standards known as the Payment Card Industry Data Security Standard, established in 2004 by the major credit card companies.[2] Investigators seeking information organizations are in compliance with local, state and federal regulations conduct periodic compliance audits. Organizations required to demonstrate compliance, generally do so producing an audit trail, often generated by data using special designed software and event specific log management programs.
Performing IT surveys, a compliance auditor will typically ask an administrator questions about users, and whether user-IDs have been revoked and/or whether IT administrators have access to critical systems. IT administrators typically prepare for a compliance audit using software and event log managers to track access and document equipment use. The growing category of governance, risk management and compliance auditing software now available generally enables organizations to “not” only establish that employees are compliant with regulations, but allows executives to argue against costly fines and/or mandated sanctions–many times using clear and convincing evidence because of the software.
Directory members can be extremely helpful to anyone seeking information and/or requiring a professional opinion concerning a Compliance Audit. Accordingly, looking for an expert wanting a Compliance Audit just use the website’s search feature to locate someone, entering the appropriate skill, issue, or need as well as the geographical area of preference, and thereafter make contact using the information provided.
______________________________________________
Retired FBI Agents and Analysts with a background conducting a Compliance Audit interested in securing a Directory listing and/or a personal email address should submit an online application requesting membership.
[1] Information concerning COMPLIANCE AUDITING was taken from information written and produced by MARGARET ROUSE at www.WhatIs.com.
[2] Visa, Master Card, Discovery and America Express.