A comprehensive review of some aspect of the internal operations of a company that requires certification by a regulatory body to verify that it is in compliance with mandatory guidelines. Compliance audit procedures may be conducted internally, but are usually facilitated by the certifying organization. A company may require several compliance audits to review regulatory adherence in multiple departments, such as finance, IT, manufacturing, human resources, and, in the case of certain types of financial firms, marketing and sales.

Compliance audit reports must communicate in a fashion that is relevant to the person or entity sponsoring the audit. Reports issued to federal regulators must often follow guidelines prescribing form and content. Reports usually describe the objectives of the compliance audit, the number of conditions examined during the time period considered, the frequency of events conforming to conditions, and the number of exceptions. When a statistical sample of events has been tested and required assumptions are appropriate, results from the sample may be used to predict the level of compliance for all events or transactions within the scope of the audit. Compliance audit reports often indicate reasons for deviations from standards, describe implications of those deviations, and recommend actions that strengthen control procedures for assuring compliance.