Compliance Audit

Successfully mastering the Compliance Audit

The Business Analytics Compliance Audit examines six dimensions necessary for successfully identifying your established compliance structure:

  • Compliance Culture
  • Compliance Objectives
  • Compliance Risk
  • Compliance Program
  • Compliance Organisation
  • Compliance Monitoring/Improvement

Compliance Audit test version

Get a first impression of the Business Analytics Compliance Audit. This preview contains a number of questions from the full analytics.

Audit of your compliance management system: Fulfilling compliance requirements securely

Companies not only have to comply with countless laws and regulations – they also have a duty to implement effective management systems to ensure they follow the rules. In the light of the increasing number of compliance incidents that can be observed, it is advisable to incorporate these kinds of compliance management systems (CMS) as a permanent and integral element of good company management. The following questions frequently come up when a CMS is introduced in a company and when its effectiveness is assessed: How does the company deal with compliance requirements? What do the structures look like? Does the system prevent breaches of the rules effectively and does it report problems? Are all employees kept informed? Where is there a need for improvement?

But how do you find out whether your compliance structures, the principles behind them and the measures they envisage are established throughout the company and where you stand with your compliance organization in comparison with other companies?

Using a digitalized questionnaire, KPMG’s CMS compliance audit puts the existing state of affairs concerning your CMS under the microscope company-wide and highlights any need for action. The questions in the compliance audit follow the structure of a compliance management system (CMS) in accordance with the underlying audit standard IDW PS 980. Based on your answers, an assessment of the maturity of your CMS is drawn up using the seven elements of IDW PS 980.

IDW PS 980 defines principles for the required content and structure of a CMS and thus provides a guide for developing and implementing a CMS at the same time. In the course of this compliance audit, each one of the seven elements is assessed separately and awarded an individual score – so you can better evaluate for your company the extent to which there might be a need for improvement within the individual elements.


Start the preview of the Business Analytics now

Start the Business Analytics preview. It contains an overview of all dimensions of the analysis and offers you a first insight into the question structure at hand with one of many response scales.

Plan your next steps

Would you like to find out more? Talk to us about your current tasks and how this Business Analytics can support you in developing solutions for them. You can try out the Business Analytics free of charge first and see initial results straightaway. Plan your individual roadmap with KPMG Atlas!


We're looking forward to hearing from you.

Get in contact with us here to find out more about our service. We're looking forward to hearing from you to discuss your specific issues.


Try out the Business Analytics in full and free of charge now!

Have you already planned your next steps? Here you have the opportunity to perform an individual maturity level determination and receive an individual summary of the results immediately.

Off-the-shelf not for you?

Please contact our experts to create a non-binding custom-fit solution for your organization.

Would you like to find out more about our tailored service?


Advantages of Business Analytics Services

Benefit from a rapid and uncomplicated assessment of where you stand on your current issues, available at any time through our digital service.

KPMG expertise

Drawing on the specialist knowledge of KPMG experts, we navigate you through your relevant issues. 

Ad hoc assessment

Define your individual initial need for action in real time using the results report. 

Benchmarking

Obtain valuable benchmarking data to evaluate your own position. 

Discover more interesting services

Automated recording of double bookings by RPA


Automated identification of double entries and booking of the statement item in SAP.


Good to know

How does a compliance management system work?

A compliance management system (CMS) is a system that helps companies keep their business processes and activities in line with applicable laws, regulations and internal policies. It covers risk identification, control implementation and compliance monitoring.


Compliance assurance is a review to determine compliance with laws, regulations and internal policies and is conducted by the company (internal audit) or a third party (external audit). It serves to assess the effectiveness of the CMS, identify vulnerabilities and recommend improvements. The objective is to ensure that the company is acting in compliance with applicable requirements and is minimizing risks.


Compliance maturity refers to how mature a company is in complying with laws, regulations and internal policies. It indicates how well positioned a company is to identify risks, implement controls and monitor compliance. Benchmark comparisons allow potential for improvement to be identified. A higher level of maturity means that the company is better able to manage compliance risks and to ensure compliance. Compliance maturity can be influenced by various factors, such as company culture, management, resources and technology.


Compliance assurance is typically performed by an independent audit unit that reviews a company's compliance with laws, regulations and internal policies. The assurance can be performed through interviewing, checking documents and observing business processes. The objective is to identify vulnerabilities in the compliance management system and to give recommendations for improvement.


IDW Assurance Standard 980 for compliance management systems is an assurance standard issued by the German Institute of Public Auditors [IDW]. It describes the requirements for examining compliance management systems and provides guidance on how to perform compliance assurance. The standard sets out that the assurance work is to be performed based on a risk management approach and that the audit unit should be independent and objective. The standard is an important guide for companies seeking to ensure that their compliance management systems meet requirements and can manage compliance risks.


Certifying compliance management systems has the advantage of providing an independent and objective confirmation from a reliable and competent body, and can constitute proof that a company meets specific minimum standards. For many companies, certification – for example according to ISO 37301 – can be a requirement to access certain markets or serve certain customers. Furthermore, assurance according to IDW AsS 980 can represent evidence of a compliance management system's appropriateness and effectiveness. A further advantage is the potential release from or avoidance of liability for governing bodies of corporations, as certification can provide evidence of the existence of an appropriate and effective compliance management system according to recognized standards.