Policy
Traditionally, the term policy has mostly been used for describing the strategy or approach of a government or other governing body or in the world of insurance as in ‘insurance policy’, the contract between an insurance company and the insured. Company policy, in a similar fashion, is the way a company does things - in other words - the accepted norms for that company. Additionally it was used in a more general manner in place of practice as in ‘common practice’. The Concise Oxford English Dictionary sites, as an example, the phrase “It’s good policy to listen”.
But, what most of these definitions have in common (with the exception of insurance policies) is that they may or may not be written down in a formal context. They are not always clearly defined unambiguous rules built for maximum mutual communication but can often be used at will to suit current trends.
Defined organizational policies with little room for doubt as to their intention have followed demands for controls to ensure proper management practices. The bursting of the high-tech bubble around the turn of the millennium exposed the ease by which executive management can manipulate company activities and records for their own gain and to the detriment of the company and those connected to it. The infamous stories of Tyco, and the like were paramount to the changes which brought about the laws and industry standards for clearly defined policies.
Auditing
Once at home in the realm of accounting only, the term auditing has become strongly aligned with information technology and, more specifically, with information security. Just and traditional auditing is the overseeing of financial records by an authorized and qualified accountant, the newer use of the term refers to the checking of settings, definitions, technologies used and a record of access and changing of information by individuals. Who should and should not have access to what is just one of the parameters which comes up for examination and reporting of the answers. An auditor is the expert making the checks and determining the impact of the results and an audit report is the reported state of affairs for consideration of the executive management.
Compliance
Compliance, meaning to ‘be in line with’, never was a heavily used term. The verb comply was and still is familiar in phrases such as ‘to comply with the law’ or ‘comply with the rules’. But the noun ‘compliance’ has become well-known in companies and organizations of every type. This is because one or more standards or laws obligate the organization to be in line with what they have to say. Such standards are sometimes driven by laws, and sometimes by industry expectations and inevitably feature requirements to manage a clear and understandable policy. These requirements are included at two basic levels. First of all there are the clauses which state the requirement of maintaining an up-to-date policy and then there are others which make more specific demands of what such policies should meet. | 
