Is your organization’s Compliance Management System up to scratch — including best practices for compliance testing? Download our 8 Step Guide to Implementing an Effective Compliance Testing Program below to get your compliance testing program up and running or move your current program up the maturity scale.

What Is Compliance Testing? 

Compliance testing, or conformance testing, is auditing for adherence to a policy, a rule, or a regulation. Compliance testing in auditing is the process we use to test controls related to regulatory risk. Compliance testing is often the first type of test we perform when assessing the control environment. For example, if we are performing IT compliance testing, we might start with conformance testing in user access provisioning and de-provisioning controls. If the test reveals the system is in compliance, then we will spend less time testing the secondary controls like access review. 

Whether performing SOX compliance testing, technology compliance testing, or simple conformance testing for an internal policy, the work is critical to achieving organizational objectives, maintaining our stakeholder’s trust, and potentially avoiding fines for non-compliance. All the compliance testing is part of the Compliance Management System.

What Is the Role of Compliance Testing in a Compliance Management System? 

Compliance testing is an integral part of ensuring that your organization’s Compliance Management System (CMS) is functioning as intended. Companies that operate in a regulated environment are expected to have a CMS, and testing must be performed against the regulatory requirements that impact your organization in order for a CMS to be effective. 

Compliance Management System wheel pointing to the compliance testing section of the wheel.

Why Is an Effective Compliance Testing Program Important?

Implementing an effective compliance testing program is of critical importance to managing your compliance risk and ensuring the health of your CMS. When you’re performing compliance testing, it is important to remember that you are testing against a rule, a regulation, a law, or a statute, which means that any finding is technically a violation of law or a statute. Identifying violations of requirements (e.g., regulatory or internal policy) and remediating the root cause in a timely manner is crucial to mitigating the compliance risk your organization is facing. Performing compliance testing in an ad hoc manner can lead to increased regulatory scrutiny since your organization will not be able to evidence that they have a fully functioning compliance testing program.

What Makes an Effective Compliance Testing Program?

Regardless of who is performing your compliance testing — whether it is your internal audit or compliance department — there are certain steps that are necessary to successfully implement an effective compliance testing process as part of your compliance function. 

8 Steps to Successfully Implement an Effective Compliance Testing Process

These steps include:

  1. Build the Requirements Library
  2. Perform the Compliance Risk Assessment
  3. Develop the Compliance Testing Methodology 
  4. Build the Testing Schedule
  5. Perform Testing
  6. Issues Management Process
  7. Validate Remediation
  8. Monitor Sustainability

Learn more about these eight steps by downloading our guide below, and put yourself in a strong position to start your organization’s compliance testing program or uplevel a current program’s maturity.

Download our free Guide to Implementing an Effective Compliance Testing Program below!

Guide to Implementing an Effective Compliance Testing Program

Joe Andryszewski
About the author: Joe Andryszewski, CIA, is a Director of Solutions Advisory Services at AuditBoard. An experienced audit and compliance professional, Joe has served as VP of Compliance Testing and Monitoring at Cenlar, and started his career in internal audit working with companies such as NRG Energy and Credit Suisse.