<img src="https://ws.zoominfo.com/pixel/pIUYSip8PKsGpxhxzC1V" width="1" height="1" style="display: none;">
Articles

Internal Audit 101: Audits vs. Compliance Reviews

July 16, 2020 | Posted by Stephanie Lyon
Clock Image
3 Minute Read

What’s the difference between an audit and a compliance review?

Both an audit and a compliance review require expertise. Both help surface systemic issues. But there are several key differences that clearly separate the two.

What’s an Audit?

An audit is a formal process where an independent party objectively examines the effectiveness or veracity of a process, report, or other metrics.

Independent auditors bring fresh eyes to the task of assessing the effectiveness of a program. Because they have no personal involvement in developing or executing the programs they are auditing, they are able to deliver unbiased findings and recommendations.

Audits generally follow a set schedule or audit program, and the results are reported to the board.

What’s a Compliance Review?

A compliance review, also known as compliance monitoring or compliance testing, is the practice of conducting informal audits on current processes to find out whether people are following compliance requirements or if there is a problem with a particular process.

This differs from an audit in several ways. First, a compliance review isn’t conducted by an independent party. It’s performed by the compliance department. This is often done with checklists to guide compliance staff through what needs to be reviewed.

Second, compliance reviews are done on more of an ad hoc basis and aren’t necessarily planned and scheduled in advance like an audit. Third, results are reported to the department head, who then decides if findings are critical enough to be brought to the board.

An Example of a Compliance Review

A good example of a compliance review would be reviewing a fixed number of account opening documents to make sure the branch staff collected the correct information to meet BSA/AML/OFAC requirements.

Exercises like this one help the compliance department assess the effectiveness of its policies and procedures and make adjustments as needed. If done successfully, it will result in fewer findings when auditors arrive.

This month Ncontracts is releasing Nverify, a comprehensive audit management tool that automates the audit process to ensure compliance while identifying opportunities for internal process improvement. Request a demo if you’d like to learn more.

REQUEST A DEMO

 

Stephanie Lyon

Stephanie Lyon

Ms. Lyon directs Ncontracts’ compliance program, which includes product development and content. Prior to joining Ncontracts, she was a senior compliance counsel at NAFCU where she advised over 800 financial institutions on compliance-related topics. While at NAFCU, Ms. Lyon served as a faculty member for the NAFCU Compliance School and the Bank Secrecy Compliance Seminar and is a well-regarded public speaker at industry functions. She is a frequent author on compliance and risk management topics. Ms. Lyon got her start in the industry by serving in key roles at financial institutions in risk management, compliance, and BSA operations. Ms. Lyon received her J.D. at the George Washington University Law School.