Internal Audits 1802
Ben911 last edited by
Can anyone explain the prime role of internal audits in a reviewing phase?
harrywaldron last edited by
Hi Ben - We might need more specifics on what is meant by ‘reviewing phase’ as I see Internal Audit (IA) could be reviewing documentation, sampling, workflow controls, SOX related filings, etc. Still, I found some interesting links in a quick search.
While the specific role of Internal Audit (IA) might vary from company to company, I see their overall role as guidance and ensuring all SOX related procedures are properly followed (e.g., control function). In some companies, they may assist in SOX sampling or testing as an independent and neutral entity (or there might be a separate SOX compliancy team appointed with or without IA members). They might help coordinate activities with external audit firms.
I’m not certain there are ‘absolute’ requirements, as SOX is written with a lot of flexibility. As an IT person, I’m sharing mainly my observations on their control function and guidance to ensure compliancy goals are achieved. I still hope some of this might help
Series of articles related to IA and SOX
please add www and paste to browser
Michele Johnson’s series of articles are excellent as they share some key roles of IA in SOX audits from planning through the entire cycle
informit.com/articles/article.asp?p=336859-and-rl=1 … (multiple pages)
informit.com/articles/article.asp?p=337041-and-rl=1 … (multiple pages)
Some key pages
Ben911 last edited by
I meant Process documentation testing.
kymike last edited by
In most companies, internal audit is more familiar with financial statement assertions and understanding of good internal controls than are the financial accounting staff. This usually places the audit personnel in the position of reviewing SOX documentation and testing. Many companies used their internal audit staff to either document or assist in documenting internal controls over finfnacial reporting in the first year or two of their required compliance with SOX. At the end of the day, management is responsible for ensuring that internal controls are effective. They can do this by any means that they choose (use of internal audit, use of accounting staff, use of third party experts). My experience shows that involvement of the accounting staff in documentation and testing of controls ends up being much more efficient than with them having minimal involvement.