Oh good Lord! It’s that time of year again. It’s the big A, the word that makes compliance managers break out into a cold sweat – yes, its audit time.
Audits don’t have to be terrifying, but that didn’t stop 46% of U.S. IT professionals in a recent Ipswitch survey saying that they’d rather have root canal surgery than undergo a compliance audit.
So, why are they so lock-yourself-in-the-toilets scary? Of course, there are the consequences of failing a compliance audit to think about (don’t think about it, you won’t be able to sleep a wink).
Security breaches and penalties from violating regulatory requirements are just a couple of the biggies, both of which can be pretty devastating if you’re a small business or startup.
However, it all really comes down to preparedness, or lack of it in a lot of cases. A huge 59% of respondents in the Ipswitch survey admitted that they weren’t prepare for a compliance audit, while 75% lacked confidence in their colleagues to adequately protect sensitive data.
So, if the fear comes from a lack of preparation, let’s prepare. Here’s a few handy pointers to start thinking about, well before your next audit date:
Give compliance a year-round focus.
Confidence ahead of audits is knowing that you take compliance seriously 365 days a year, not just at audit time.
Include regular compliance improvements in your budget.
Compliance is an on-going process and lapses can happen when the funds aren’t available to make vital improvements. Plan ahead and you’ll have allocated funds to make scheduled improvements, all part of your new policy to put compliance at the top of the agenda.
Do your own audits.
Not only can they act as mock exams, to help you prepare for the real thing, but these dry runs will tighten up your compliance measures at the same time.
Keep your documentation in order.
This makes it easy to dig out and present what you need ready for the audit, in an organised way that makes logical sense. Think about doing your tax return with scraps of receipts instead of a nice neat spreadsheet, and having a tax auditor pop in to take a look – it’d be chaos.
Centre your compliance efforts on one central point.
In short, this means a designated person or team. Someone needs to be the ‘central command person’ for all compliance efforts, coordinating what’s going on and interfacing with all relevant regulatory functions.
Preparation may be a bit boring, but it’ll help you sail through any compliance audit, so go on – put in the legwork.