Audit & Compliance

Audit & Compliance Cycles

Comprehensive audit and compliance management including audit trail reviews, segregation of duties (SoD) enforcement, policy exception approvals, and regulatory compliance certifications.

PostgreSQL · 4 Tables · Schema: compliance · SOX Ready

Compliance Framework

  • 4 Compliance Areas
  • SoD Segregation
  • Real-time Monitoring
  • Certified Compliance

1. Audit Trail Review

Procurement Audits

Systematic review of procurement transactions for compliance, accuracy, and policy adherence.

compliance.audit_reviews

  • audit_type - INTERNAL, EXTERNAL, REGULATORY, SPOT_CHECK
  • audit_scope - What is being audited
  • period_start / period_end - Audit period
  • sample_size - Number of transactions reviewed
  • findings_count / critical_findings - Issues found
  • report_path - Final audit report

Audit Types

  • INTERNAL Quarterly reviews
  • EXTERNAL Annual third-party
  • REGULATORY Compliance audits
  • SPOT_CHECK Random sampling

Focus Areas

  • Approval compliance
  • Vendor selection fairness
  • Price reasonableness
  • Policy adherence

2. Segregation of Duties (SoD)

SoD Violation Detection

Real-time detection and tracking of role conflicts that violate segregation of duties principles.

compliance.sod_violations

  • conflicting_roles - Array of conflicting role assignments
  • conflicting_actions - JSON of conflicting activities
  • violation_type - ROLE_CONFLICT, SELF_APPROVAL, LIMIT_OVERRIDE
  • severity - LOW, MEDIUM, HIGH, CRITICAL
  • exception_granted - If waiver approved

SoD Rules

Users cannot:

  • Create AND approve the same PR
  • Create a vendor AND issue a PO to that vendor
  • Receive goods AND approve payment
  • Modify rates AND approve invoices

Violations are blocked or flagged based on severity.
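As an added example (not code from the original page or its schema), a PL/pgSQL trigger implementing the "create AND approve the same PR" rule: a self-approval covered by a currently valid policy exception is flagged, one without is blocked. It assumes a hypothetical procurement.purchase_requests table (id, created_by, approved_by), a user_id column on compliance.policy_exceptions, user_id/source_table/source_id columns on compliance.sod_violations, and the policy code SOD_SELF_APPROVAL; none of these appear on the page.

```sql
-- Added example: not part of the original compliance schema documentation.
-- Assumed (not on the page): procurement.purchase_requests(id, created_by,
-- approved_by); policy_exceptions.user_id; sod_violations.user_id,
-- source_table, source_id; and the policy code 'SOD_SELF_APPROVAL'.
CREATE OR REPLACE FUNCTION compliance.check_self_approval()
RETURNS trigger
LANGUAGE plpgsql
AS $$
DECLARE
    v_waived boolean;
BEGIN
    -- Nothing to check until an approver is set, or when creator and
    -- approver differ (IS DISTINCT FROM also handles a NULL created_by)
    IF NEW.approved_by IS NULL
       OR NEW.approved_by IS DISTINCT FROM NEW.created_by THEN
        RETURN NEW;
    END IF;
    -- A policy exception valid right now downgrades the violation from
    -- blocked to flagged
    SELECT EXISTS (
        SELECT 1
        FROM compliance.policy_exceptions
        WHERE user_id = NEW.approved_by
          AND policy_code = 'SOD_SELF_APPROVAL'
          AND now() BETWEEN valid_from AND valid_to
    ) INTO v_waived;
    -- When the RAISE below fires, the whole statement (this INSERT included)
    -- is rolled back, so only flagged violations persist from this trigger;
    -- blocked attempts must be recorded by the application's error handler.
    INSERT INTO compliance.sod_violations
        (user_id, violation_type, severity, conflicting_roles,
         conflicting_actions, exception_granted, source_table, source_id)
    VALUES
        (NEW.approved_by, 'SELF_APPROVAL',
         CASE WHEN v_waived THEN 'MEDIUM' ELSE 'CRITICAL' END,
         ARRAY['REQUESTER', 'APPROVER'],
         jsonb_build_object('created', 'purchase_request', 'approved', 'purchase_request'),
         v_waived, 'procurement.purchase_requests', NEW.id);
    IF NOT v_waived THEN
        RAISE EXCEPTION 'SoD violation: user % created and approved PR %',
            NEW.approved_by, NEW.id;
    END IF;
    RETURN NEW;
END;
$$;

CREATE TRIGGER trg_pr_self_approval
BEFORE INSERT OR UPDATE OF approved_by ON procurement.purchase_requests
FOR EACH ROW EXECUTE FUNCTION compliance.check_self_approval();
```

The other three SoD rules follow the same pattern with a different source table and role pair; the CRITICAL/blocked versus flagged split is what "blocked or flagged based on severity" means in practice.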

3. Policy Exception Approval

Exception Management

Formal process for requesting and approving exceptions to procurement policies with risk assessment and mitigating controls.

compliance.policy_exceptions

  • policy_code / policy_name - Policy being excepted
  • exception_reason - Why exception is needed
  • business_justification - Business case
  • risk_assessment - Identified risks
  • mitigating_controls - Risk mitigation measures
  • valid_from / valid_to - Exception validity period

Exception workflow: REQUESTED → RISK REVIEW → APPROVAL → GRANTED

4. Regulatory Compliance Certification

Compliance Certifications

Track and maintain regulatory compliance certifications for procurement processes.

compliance.compliance_certifications

  • regulation_code / regulation_name - Regulatory requirement
  • compliance_area - Specific compliance domain
  • certification_period - Validity period
  • compliance_status - COMPLIANT, PARTIAL, NON_COMPLIANT
  • evidence_documents - Supporting documentation
  • next_review_date - Scheduled reassessment

Regulations Covered

  • SOX (Sarbanes-Oxley)
  • GDPR (Data Protection)
  • MSME Act Compliance
  • GST Regulations

Review Cycle

  • Annual certification
  • Quarterly self-assessment
  • Triggered reviews on changes

Database Schema Summary

Table                                 | Purpose               | Key Columns
--------------------------------------|-----------------------|---------------------------------
compliance.audit_reviews              | Audit tracking        | audit_type, findings_count
compliance.sod_violations             | SoD monitoring        | conflicting_roles, severity
compliance.policy_exceptions          | Exception approval    | policy_code, mitigating_controls
compliance.compliance_certifications  | Regulatory compliance | regulation_code, status