What is a compliance audit?
A compliance audit is a comprehensive review of an organization’s adherence to regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliance preparations. Auditors review security polices, user access controls and risk management procedures over the course of a compliance audit.
What, precisely, is examined in a compliance audit will vary depending upon whether an organisation is a public or private company, what kind of data it handles and if it transmits or stores sensitive financial data. In each case, the organisation must be able to demonstrate compliance by producing an audit trail, often generated by data from event log management software.
Compliance auditors will generally ask CIO’s, CTO’s and IT administrators a series of pointed questions over the course of an audit. These may include what users were added and when, who has left the company, whether user IDs were revoked and which IT administrators have access to critical systems. IT administrators prepare for compliance audits using event log managers and robust change management software to allow tracking and documentation authentication and controls in IT systems.
The growing category of GRC (governance, risk management and compliance) software enables CIO’s to quickly show auditors (and CEO’s) that the organization is in compliance and will not be not subject to costly fines or sanctions.