compliance audit
SearchCompliance.com Definitions (Powered by WhatIs.com)

DEFINITION - What is a compliance audit?

A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliance preparations. Auditors review security policies, user access controls and risk management procedures over the course of a compliance audit.

What, precisely, is examined in a compliance audit will vary depending upon whether an organization is a public or private company, what kind of data it handles and whether it transmits or stores sensitive financial data. For instance, SOX requirements mean that any electronic communication must be backed up and secured with reasonable disaster recovery infrastructure. Healthcare providers that store or transmit e-health records, like personal health information, are subject to HIPAA requirements. Financial services companies that transmit credit card data are subject to PCI DSS requirements. In each case, the organization must be able to demonstrate compliance by producing an audit trail, often generated by data from event log management software.

Compliance auditors will generally ask CIOs, CTOs and IT administrators a series of pointed questions over the course of an audit. These may include which users were added and when, who has left the company, whether user IDs were revoked and which IT administrators have access to critical systems. IT administrators prepare for compliance audits using event log managers and robust change management software to track and document authentication and controls in IT systems. The growing category of GRC (governance, risk management and compliance) software enables CIOs to quickly show auditors (and CEOs) that the organization is in compliance and will not be subject to costly fines or sanctions.


LAST UPDATED: 15 Jan 2009


More resources from around the web:
- Christina Torode explains how to survive a compliance audit.
- The Truth to Power Association provides IT audit checklists to registered members.





All Rights Reserved, Copyright 2009, TechTarget