Compliance

What is a compliance audit?

A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliance preparations. Auditors review security polices, user access controls and risk management procedures over the course of a compliance audit.
RiskWhat, precisely, is examined in a compliance audit will vary depending upon whether an organization is a public or private company, what kind of data it handles and if it transmits or stores sensitive financial data. For instance, SOX requirements mean that any electronic communication must be backed up and secured with reasonable disaster recovery infrastructure. Healthcare providers that store or transmit e-health records, like personal health information, are subject to HIPAA requirements. Financial services companies that transmit credit card data are subject to PCI DSS requirements. In each case, the organization must be able to demonstrate compliance by producing an audit trail, often generated by data from event log management software.
Compliance auditors will generally ask CIOs, CTOs and IT administrators a series of pointed questions over the course of an audit.
These may include:

  • What users were added and when?
  • Who has left the company?
  • Whether user IDs were revoked upon leaving?
  • Which IT administrators have access to critical systems?


m&m Innovations audit team has over a decade of experience in assisting organizations ensure their operations are in compliance and to offer suggestions on ways to make improvements going forward.

Call us today to arrange a free consultation