Compliance audits are undertaken in accordance with ISSAI 400 Fundamental Principles of Compliance Auditing.
Compliance auditing is the independent assessment of whether a given subject matter is in compliance with applicable authorities3 identified as criteria. Compliance audits are carried out by assessing whether activities, financial transactions and information comply, in all material respects, with the authorities which govern the audited entity.
The objective of public-sector compliance auditing, therefore, is to enable the SAI to assess whether the activities of public-sector entities are in accordance with the authorities governing those entities. This involves reporting on the degree to which the audited entity complies with established criteria. Reporting may vary between brief standardized opinions and various forms of conclusions, presented in short or long form. Compliance auditing may be concerned with regularity (adherence to formal criteria such as relevant laws, regulations and agreements) or with propriety (observance of the general principles governing sound financial management and the conduct of public officials). While regularity is the main focus of compliance auditing, propriety may also be pertinent given the public-sector context, in which there are certain expectations concerning financial management and the conduct of officials. Depending on the mandate of the SAI, the audit scope may therefore include aspects of propriety.