If you store, transmit or process credit or debit card payments, you need to comply with PCI DSS. The frequency of audits is determined by the payment services company that you work with, not by the Payment Card Industry Security Standards Council (PCI SSC).
A PCI compliance audit is performed by qualified security assessors. They look at specific parts of a business to determine whether internal operations meet the standard for cardholder information security. When an organization passes the audit, it is provided with an Attestation of Compliance (AoC).