Should internal audit ˜do SOX'? 3278
kymike last edited by
You raise an interesting point about who should be involved in SOX in a public corporation. I would argue that all of the Finance area (including Tax and Treasury functions) should be involved. SOX isn’t a project that gets delegated to one function (Internal Audit, in your question) to manage, but rather should be understood by and integrated into the daily processes by every Finance function.
In some companies, the Internal Audit staff may be the most knowledgeable regarding effective controls. If that is the case, they should lead the effort to train other functions impacted by SOX requirements as to what constitutes effective controls over financial reporting and how to best monitor those controls. However, Internal Audit (or any individual function) should not necessarily be tasked with overall SOX responsibility. I feel that should be a shared responsibility.
Every company is organized a bit differently and will have a different mix of skillsets interspersed throughout the finance function. Each company needs to determine what works best for them as far as ongoing education about and monitoring of controls.