How it works?

Statistical Sampling

Compliance Master uses internationally published statistical sampling methods (ISO 2859.1:1999 / AS1199.1:2003 Sampling procedures for inspection by attributes) to accurately monitor, assess and control operational risks.1

Unlike other solutions, the software's smart data-analytics will determine whether an organisation's operational risk levels have exceeded user- specified limits (risk appetite) by analysing the type and number of non-compliant products and activities found in a much smaller statistically calculated “sample”.

One of the benefits of this highly rigorous approach to auditing and inspection is the result is classified into one of two classes; i.e. compliant / non-compliant, conforming / non-conforming, acceptable / unacceptable, etc.  This enables the software to determine when action is needed to mitigate risks and improve risk-control performance.

Originally developed by the Bell Telephone Company during the mid-1920’s, these methods have stood the test of time and are published by most major standards bodies worldwide; refer below.

Acceptance Sampling by Attributes

Auditing, Assessment and Control Process

The following diagram provides a high-level overview of how Compliance Master uses the statistical sampling methods outlined above to create a highly efficient and effective risk-based auditing and inspection system.  Compliance Master can be used to undertake one-off audits and inspections, but its biggest benefits are derived when it is used to continuously monitor and improve process and third-party risk control performance.

Auditing, Assessment and Control Process



To start performing audits and inspections using Compliance Master you must first define your organisation's operational risk limits; or risk appetite. These limits represent the maximum level of process or third-party non-compliance your organisation or its customers are willing to accept as a long-term average.  The software uses this information to optimise audit and inspection efficiency, control process and supplier outputs, and to benchmark and report risk control performance; refer below.



To initiate audits and inspections using Compliance Master you must first estimate your total audit / inspection population.  This is just one of several risk-factors taken into consideration by the software when calculating the optimum sample-size for each audit and inspection.



Another risk-factor used to calculate the optimum sample-size is the capacity of the responsible process or third-party to consistently achieve the user-specified risk targets; which is represented by a simple risk-performance-dial rating; Excellent, Good and Poor.   Initially, this rating is manually assigned to each process and third-party manually when configuring the software.  But from here, Compliance Master's advanced data-analytics automatically evaluate and where necessary, update the rating following each audit and inspection.



The above risk-factors are used to calculate the optimum sample-size for each audit and inspection.  This process is performance-based, meaning processes and third-parties with a “Poor” risk-performance-rating are audited and inspected more intensely than those with an “Excellent” or "Normal" risk-performance-rating.  This dynamic, risk-based approach to audit and inspection leads to substantial time and cost savings compared to conventional non-statistical solutions.  It also ensures an organisation’s limited auditing and inspection resources are always focused on its areas of highest risk exposure.



Compliance Master creates a tailored on-line checklist for each audit or inspection; which can be accessed from any web-enabled device.  Captured data is automatically uploaded onto the system, analysed and reported in real-time.  There is also tablet app available with auto-sync for remote off-line auditing and inspection applications.  Over and under auditing and inspection is eliminated by terminating the data collection process as soon as the required sample-size requirement has been achieved.



Following each audit and inspection collected data is automatically analysed to determine what, if any, user-defined actions (Protocols) are needed to mitigate non-compliance risk levels and strengthen risk controls.  Actions can be automatically allocated to a nominated person for implementation and close-out.  Compliance Master will optimise your organisations response to audit and inspection outcomes by ensuring they are always proportionate to the assessed risk level.

AS 1199.1-2003 Sampling procedures for inspection by attributes, Part 1: Sampling schemed indexed by acceptance quality limit (AQL) for lot-by-lot inspection. These procedures are reproduced with permission from SAI Global under license 1004-c068. To purchase this standard online follow link: