COMPLIANCE AUDITS
The key elements of a compliance audit can be gleaned from the ISO definition of ‘auditing’ as shown below:
“Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.” Audit criteria are a “set of policies, procedures, or other requirements against which collected audit evidence is compared.” Audit evidence consists of “records, statements of fact or other information, relevant to the audit and which are verified.” [i] ISO CD2/ISO 19011 and ISO 9000 – 2000, ASQ Quality Press, 2000.
Most of us are familiar with compliance audits through ISO 9000 or product requirements. ISO 9000 system audits traditionally were compliance assessments. The ISO standard or similar standards consist of ‘shall’ requirements. The auditor assesses a business system, process, or product against these standards. In a compliance audit, the auditor verifies that documentation complies with the standard’s requirements and verifies implementation against the ‘say what you do and do as you say’ criteria.
Compliance audits are fundamentally documentation reviews. The result is a binary decision: compliance or noncompliance. If there is noncompliance, then the auditor will issue a Corrective Action Request (CAR) or a Preventive Action Request (PAR).
Compliance audits add value to governmental agencies and to commercial organizations that mandate contractual or regulatory compliance. Compliance audits are probably the easiest to conduct because requirements are written and less auditor discretion is required.