Overview:
The concept of industrial compliance with applicable laws and regulations deals with obeying the statutory requirements to which the entity is subject. Compliance infers acceptance. Societal expected behavior acceptance requires value(s) conformity to established norms. Conformance to government enforced rules is the ultimate goal for most societies to ensure a common baseline of legally acceptable entity behavior, whether laws or regulations apply to individuals or groups.
Governments and governmental agencies enact governance related laws and regulations to ensure that entity managers refrain from participating in corrupt, fraudulent, or unethical behavior. Governments and governmental agencies also enact laws and regulations to provide for stakeholder confidence that management will perform its fiduciary responsibilities. This fiduciary relationship between stakeholders and management typically requires that the entity’s management safeguards assets entrusted to it for use by the entity in generating revenues or paying expenses. To sustain compliance with this legal objective; an entity’s management is expected to provide accurate and complete information about the entity’s past and current performance, as well as their assessments of any confirmed future economic events that may/will affect the entity’s financial status and its present financial position. Government laws and regulations usually require an entity’s management to design, implement, and maintain a system of controls. However, controls existence and effectiveness verification is commonly an external and/or internal statutory audit responsibility. Auditors that conduct these entity compliance attestation engagements are directed toward examining, reviewing, or performing agreed-upon procedures regarding a subject matter; or an assertion about a subject matter, and reporting evidentially-supported results.
Separately or jointly, government-sponsored laws and regulations can impose audit practice requirements that impact entity compliance attestation service efforts. Where laws and regulations promote managements' accountability of entity assets to stakeholders, information technology (IT) legal compliance audit area and/or ambit may be mandated by governments and governmental agencies -- such as the Japanese Financial Instruments and Exchange Law (J-SOX) and United States Federal Information Security Management Act (FISMA). Alternatively, IT audit engagements may be determined by perceived noncompliance risk or the entity’s audit committee can direct IT audit coverage to assess expected compliance by the entity's management. Nevertheless, professional IT auditors must evaluate potential irregularities and illegal acts during the entire IT assurance process,1 even when directed by the audit committee to focus on a particular IT auditable unit -- within the engagement's audit area.
read more : http://www.compliance4all.com/control/w_product/~product_id=500365LIVE/
Comments