IT Organization Management Re-Structuring Recommendations? 53



  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • The director isn’t the problem…In a way every organisation has one director…
    The issue is the people below him…are there people who qualify to assure a good control mechanism / quality and seperation of functions …



  • I don’t agree with that. Espacially sox requires key-controls, their test and external auditors to look for indicators and prove of management override of internal controls.
    From my point of view having one director for all of the mentioned departments it is a strong indicator that mangement overrides can occur. The fish stinks from the head. I would at least seperate the internal Auditors to a different director.



  • I would have to agree with Holger. SOX was designed to demonstrate internal control over management and the Board. Since Audit is such a key role, independence would be a strong control. Audit departments need to be free to provide whistle blowing, etc.



  • According to me every company has one general manager/director…
    The main issue is here:
    Does he has (qualified) managers below him who can provide and assure a good internal control.
    Offcourse there still has to be as Holger allready said also an external auditor on regular base to check the quality of those internal checks and controls.



  • Not all companies have only one general director. I believe most of the sec listed companies will at least have a board of directors and a supervisory board in one or the other way. Therefore it shouldn’t be a problem to assign the internal audit function to a different board member or to the supervisory board. The company should be able to demonstrate a proper segregation of duties.



  • The company should be able to demonstrate a proper segregation of duties.
    In smaller companies it is enough for the director to delegate this duties…
    furthermore I agree with you. 😄



  • Good modules for your CMS makes the whole transition easier.



  • Internal Auditors have to have the freedom to tell anyone and everyone they are WRONG. And enough installation so that they can continue to point out what they percieve as defects until management acknowledges the defect and accepts the risk or remediates the problem.
    Usually Internal auditors are put under Legal or ideally Chief Operations Officer lead.



  • Sorry to put a new spanner in the works…
    but you will find that the ISACA recommends that Internal audit directors should be appointed and reports to the audit comittee directly. He/she may have a dotted line to the COO or the CFO but the setting of goals/ bonuses/MIPs should be performed by the audit committee.
    cheers
    tristan. 😄


Log in to reply