Internal Audit 101: Audits vs. Compliance Reviews
What’s the difference between an audit and a compliance review?
Both an audit and a compliance review require expertise. Both help surface systemic issues. But there are several key differences that clearly separate the two.
What’s an Audit?
An audit is a formal process where an independent party objectively examines the effectiveness or veracity of a process, report, or other metrics.
Independent auditors bring fresh eyes to the task of assessing the effectiveness of a program. Because they have no personal involvement in developing or executing the programs they are auditing, they are able to deliver unbiased findings and recommendations.
Audits generally follow a set schedule or audit program, and the results are reported to the board.
What’s a Compliance Review?
A compliance review, also known as compliance monitoring or compliance testing, is the practice of conducting informal audits on current processes to find out whether people are following compliance requirements or if there is a problem with a particular process.
This differs from an audit in several ways. First, a compliance review isn’t conducted by an independent party. It’s performed by the compliance department. This is often done with checklists to guide compliance staff through what needs to be reviewed.
Second, compliance reviews are done on more of an ad hoc basis and aren’t necessarily planned and scheduled in advance like an audit. Third, results are reported to the department head, who then decides if findings are critical enough to be brought to the board.
An Example of a Compliance Review
A good example of a compliance review would be reviewing a fixed number of account opening documents to make sure the branch staff collected the correct information to meet BSA/AML/OFAC requirements.
Exercises like this one help the compliance department assess the effectiveness of its policies and procedures and make adjustments as needed. If done successfully, it will result in fewer findings when auditors arrive.
This month Ncontracts is releasing Nverify, a comprehensive audit management tool that automates the audit process to ensure compliance while identifying opportunities for internal process improvement. Request a demo if you’d like to learn more.