bakhtiarzein - Fotolia


Prep a compliance audit checklist that auditors want to see

Think your enterprise is ready for its compliance audit? Check off key points in this compliance audit preparation checklist to ensure it has all the resources needed to help auditors do their job.

Achieving compliance can be as simple as stating an organization is compliant with a standard, regulation or other requirement. Yet, increasingly, organizations want evidence their prospective partners and clients are running their business according to relevant mandates. This is typically a key part of vendor evaluation activities prior to executing any contracts or other agreements.

One of the most effective ways to demonstrate compliance is to have auditors perform an examination, prepare a report on their findings and issue an attestation of those findings. This can be performed using one of the three compliance auditing options: self-audit and attestation; audit and attestation by an internal audit department; or audit and attestation by a third party.

Regardless of which technique is used, several important activities must be addressed when preparing for a compliance audit, performing the audit itself and facilitating the final report, recommendations and attestation. A compliance audit preparation checklist will help enterprises ensure they are ready for the audit and they will achieve the audit results they desire.

Several items are essential to ensure an enterprise is prepared for a compliance audit, including the following:

  • knowledge of compliance requirements;
  • availability of subject matter experts (SMEs) to interview;
  • access to firm operations for visual examination of compliance-related activities; and
  • access to documented evidence -- both hard-copy and electronic -- verifying the actions taken to achieve compliance.

Compliance audit preparation checklist

Following these key steps will demonstrate that an organization is ready for the compliance audit and has prepared for the auditors' requests.

Determine the metrics for which compliance is being audited. These can include standards, regulations, company policies, laws and legal precedent, and recognized activities constituting good practice.

Make sure the auditors are knowledgeable of the items to be audited. It may be necessary to educate auditors on the specific compliance mandates relevant to the organization so they can perform a careful examination.

Ensure the audit team has a place to work, especially if using an external audit firm. A conference room is typically an ideal work location; it can also be used to conduct interviews.

Have copies of all relevant compliance audit documents available for the audit team. This includes the standards and regulations, along with other metrics.

Identify employees who are SMEs and likely targets for interviews by the auditors. Verify their availability during the planned audit period, and advise them that they may be asked to respond to follow-up inquiries by the auditors.

Be prepared to organize a schedule of interviews for the auditors.

Have copies of internal evidence supporting compliance. These can include reports, emails, policies, procedures, testing reports, previous audit reports and minutes of meetings. Try to provide more evidence than necessary so auditors won't need to continually ask for more materials to examine.

Conduct pre-audit meetings with the team(s) likely to be involved in the audit. This will ensure all players, from SMEs to senior management, fully understand their roles and responsibilities during the course of the audit.

Be prepared to conduct a pre-audit meeting with the auditors to review their approach and what they will need during the course of the audit. This includes the process for obtaining an attestation of their audit report.

Prepare a tentative schedule and timeline, and make it available to the auditors. They may have their own project approach and timetable, but it clearly shows that an organization is ready.

When preparing for a compliance audit, the emphasis should be on preparation and fully understanding the issues to be audited. Be sure to also know the outcomes of the audit, such as a report and recommendations. Once the compliance audit report has been issued, organizations will probably have lists of items to remediate and time frames in which to perform them.

Dig Deeper on Risk management and governance

Cloud Computing
Mobile Computing
Data Center
and ESG