Rebalancing Internal Audit in the Sarbanes-Oxley Era
As companies have sought to meet new compliance standards under the Sarbanes-Oxley Act of 2002 (SOA), internal auditing has provided companies with vital business process analysis, control testing, risk management, and forensic accounting. According to a new report, "Optimizing the Role of Internal Audit in the SarbanesOxley Era," internal auditing has the potential to deliver even further value to organizations, but only if corporate management and boards readdress and rebalance the roles and responsibilities of internal auditors.
The report, issued by Deloitte & Touche, concludes that without the internal audit function's involvement in business process analysis, control testing, risk management, and forensic accounting, there may have been significantly more disclosures of material weaknesses and revelations of noncompliance with SOA. Sacrifices were made, however. Traditional internal audit work-operational and systems audits, fraud investigation, and special project audit work-became secondary. And, with their fortunes tied more closely to internal audits, companies may need to react to realize the full value of their internal audit function.
Key recommendations outlined in the report include reworking the organizational structure of internal auditing so that the function reports to the audit committee as opposed to executive management. Keeping the internal audit function separate from management helps reassure regulators concerned with independence, external auditors seeking objectivity, and stakeholders expecting strong corporate governance practices.
Moreover, such an organizational structure may foster better communications, encourage more direct feedback, promote proper staffing and budgeting, and better enable audit committees to exert direct influence over the hiring, compensation, and firing of the chief audit executive.
Recent trends indicate that direct auditcommittee reporting is more common. …