A compliance auditor is a person who reviews the activities at a company to determine whether or not those activities comply with established standards. Compliance auditors usually have degrees in accounting, finance, or a related field. They may also have specialized training unique to the industry in which they work. In the health care field, for example, compliance auditors are fully trained in protocols that are designed to promote patient safety, privacy, and health.
Standards used by a compliance auditor to evaluate a company can come in a number of forms. For many types of industries, some of the standards are enshrined in the law. The compliance auditor must be familiar with the relevant areas of the law, including recent changes, for the purpose of confirming that the company is acting within the law. Other standards can include those established by professional organizations. Standards can also be internal in nature, with companies setting their own standards with the goal of delivering high quality products and services.
The compliance auditor goes through company records, interviews employees, inspects employee handbooks and manuals, and visits various areas within a company to observe company procedures and practices. All of this information is pulled together in a formal report which is presented to the company. The report indicates areas where the company may be at risk of noncompliance or where it is actively violating standards and provides suggestions for improvement.
Some companies maintain a full time compliance department that is responsible for regular and ongoing audits. Large companies and companies which handle sensitive materials are more likely to have such departments. In other cases, an independent compliance auditor is hired to examine a company. Independent auditors can also be hired by external authorities, such as a bank's lending partners, for the purpose of confirming that a company is complying with the terms of an agreement. The contents of reports may be kept private in the case of internal auditors or published, at least in part, when the audit involves oversight by another organization such as a government agency.
Some examples of areas in which a compliance auditor can work include: information technology, security, health care privacy, banking, occupational health and safety, information security, law enforcement, and quality control. These professionals receive varying rates of pay depending on the services they offer, their training, and their experience. Because they are charged with keeping companies in good working order and handling sensitive materials along the way, compliance auditors also need very high ethical standards.