topleft topright

Login or Register

Red-Hot Thread

"The corporate brand is not only used to improve competitive positioning and express company aspirations, it can also be a powerful tool to motivate employees."

CFOZone Experts

Opinions and views from expert CFOZone members.

Jun 28

Internal auditors must surpass Sarbanes-Oxley

Posted by dbedell in Sarbanes-OxleyRiskinternal controlsinternal auditcomplianceauditors


Since the Sarbanes-Oxley legislation first came into effect seven years ago, much has changed in the US corporate landscape. At first, the new laws appeared onerous—time consuming and perhaps just a little bit of overkill. Since then, the global financial crisis occurred—putting much greater focus on internal audit, control and corporate accountability.

That focus was pushed from within companies themselves, not just from regulators or legislators, which may be why companies are coming to appreciate the benefits of Sarbanes-Oxley—at least according to a survey by global risk and business consultants Protiviti. In fact, companies report that Sarbanes-Oxley does not go far enough in having companies assess and audit risk.

In the company’s fourth annual Sarbanes-Oxley survey, Protiviti found that the majority of respondents were now well into their Sarbanes-Oxley changes: most were beginning to reduce the amount of time spent on Sarbanes-Oxley compliance, and many reported seeing the benefits of rebalancing their audit activities since the law was put into effect.

More than one third of respondents reported that their internal auditors were now more able to perform traditional audits, and 25 percent said that they were seeing more appropriate coverage of risk. Other benefits cited include increased objectivity by the internal audit department and increased effectiveness and efficiency of operations.

Two out of three companies that responded to the survey reported that they were implementing risk-based testing as part of the audit rebalancing efforts. In addition, companies are focusing on rescoping workloads of audit staff and increasing testing and reliance on monitoring controls.

Respondents also noted that Sarbanes-Oxley compliance was not their only area of focus for reducing risk. For example, companies are also once again looking at enterprise-wide risk assessment as a means of improving risk management and control, according to the survey. Almost half of respondents said enterprise risk assessment was a priority.

Survey respondent Larry Harrington, vice-president of Internal Audit at Raytheon, noted: “Without understanding risk, we can be auditing the wrong area at the wrong time. The bottom line is that businesses face far greater risks today than Sarbanes-Oxley and internal audit must not only rebalance but also retool to meet the current requirements. There is going to be a sea change in internal audit, and each of us has a choice—be ready, willing and able, or become obsolete.”


Comments (2)Add Comment
written by M Wong, June 29, 2010
Could all the extra auditing effort from SOX have given any early warning of the failure on Wall Street such as AIG, etc.?
Denise Bedell
written by Denise Bedell-Bleeker, June 30, 2010
According to risk consultants The GRC Group, SOX did its job in providing mechanisms to ensure transparency. They say that the SOX Act served to warn that companies were overleveraged. They say: "That investors and companies chose to ignore the information is not a failure of the SOX Act, but instead a function of human greed."

Any comments on that? Is it a correct analysis of the strength of SOX in predicting the crisis?

Write comment
You must be logged in to post a comment. Please register if you do not have an account yet.

Copyright © 2009-2016 CFOZone. All rights reserved. CFOZone is a property of PSN, Inc.