Job Descriptions 809
Can anyone help me with what should be in the job descriptions of the CEO, CFO, CIO, Controller, etc to address their responsibilities relating to sox? I apologize for being so vague. Our company is just now going public. Thanks in advance for all replies.
lekatis last edited by
There is a book:
‘Beyond COSO’ by Steven Root. Since 1998 (yes, before SOX). I like this book but bear in mind that it is not a book about Sarbanes Oxley.
Pages 225 - 235: Job descriptions for CEO, CFO, CIO, Board of Directors, Audit Committee, President, Controller, Chief Internal Audit Executive etc.
Thank you for the reply. I will look for the book. It seems there is a lot in SOX of interest to human resources folks and those who consult with them. I’m glad I found this forum.
lekatis last edited by
How did I forget this all times classic? You will persuade everyone with this book.
From the book INTERNAL CONTROL INTEGRATED FRAMEWORK - Committee of Sponsoring Organizations of the Treadway Commission(COSO) Copyright 1992, 1994 by the COSO committee (Two-Volume edition 1994)
CHAPTER 8: Roles and Responsibilities
A sample of the content:
Internal auditors directly examine internal controls and recommend improvements. Standards established by the Institute of Internal Auditors specify that the scope of internal auditing should encompass the examination and evaluation of the adequacy and effectiveness of the organization’s system of internal control and the quality of performance in carrying out assigned responsibilities.
The standards state that the internal auditors should:
*Review the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
*Review the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on operations and reports and should determine whether the organization is in compliance.
*Review the means of safeguarding assets and, as appropriate, verify the existence of such assets.
*Appraise the economy and efficiency with which resources are employed.
*Review operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
All activities within an organization are potentially within the scope of the internal auditors’ responsibility. In some entities, the internal audit function is heavily involved with controls over operations. For example, internal auditors may periodically monitor production quality, test the
timeliness of shipments to customers or evaluate the efficiency of the plant layout. In other entities, the internal audit function may focus primarily on compliance or financial reporting-related activities.
The Institute of Internal Auditors standards also set forth the internal auditors’ responsibility for the roles they may be assigned. Those standards, among other things, state that internal auditors should
be independent of the activities they audit. They possess, or should possess, such independence through their position and authority within the entity and through recognition of their objectivity.
Organizational position and authority involve such matters as a reporting line to an individual who has sufficient authority to ensure appropriate audit coverage, consideration and response; selection and dismissal of the director of internal auditing only with board of directors’ or audit committee’s concurrence; internal auditor access to the board or audit committee; and internal auditor authority to follow up on findings and recommendations.
Internal auditors are objective when not placed in a position of subordinating their judgment on audit matters to that of others. The primary protection for this objectivity is appropriate internal
auditor staff assignments. These assignments should be made to avoid potential and actual conflicts of interest and bias. Staff assignments should be rotated periodically andinternal auditors should not assume operating responsibilities. Similarly, they should not be assigned to audit activities with which they were involved recently in connection with prior
It should be recognized that the internal audit function does not as some people believe have primary responsibility for establishing or maintaining the internal control system. That, as noted, is the responsibility of the CEO, along with key managers with designated responsibilities (which may include the chief internal auditor). The internal auditors play an important role in evaluating the effectiveness of control systems and thus contribute to ongoing effectiveness. Because of
organizational position and authority in an entity, and the objectivity with which it carries out its activities, an internal audit function often plays a very significant role in effective internal control.
Again, thank you. I enjoy and learn from your posts.