INTERNAL AUDITING BLOG
Sarbanes finally done
We've just finished our Sarbanes-oxley testing cycle for Internal audit--mgmt will continue on for the rest of the year. It was a long hard process to test year one and then transfer over to management. Some of my key observations
1) Internal Audit should NOT own the sarbanes oxley process--management needs to sign and management should own.
2) Internal audit did most of the testing because we over-scoped the controls that needed gto be tested. If we could have scoped it back further, management would have been able to handle it.
3) Internal audit still needs to be involved.
I'll have more time to post now, if there's anything anyone's looking for, feel free to post comments
Thanks for the Props
and the emails. I appreciate your support.
Here's a link back to a site of a new Internal auditor--tracking his/her thoughts on becoming an auditor. Welcome to the profession
Finally, Sox guidance that makes sense
Entity Level Control Testing
The latest PCAOB guidance makes the Entity level testing the starting point for Sox compliance. I haven't found the existing software to be that useful, but we preferred to create out own in the Internal audit Department at my company. we used the tool from www.arc.executiveboard.com to guide us.
other guidance to use
new stuff posted, very cool work on audit committees and sarbanes oxley compliance
I was emailed yesterday a simple question: what area would you focus your attention on if you could only do one audit this year
Materiality thresholds are easy to cross, often signicant elements of judgment involved in applying accounting standards, easy area for fraud to have a major impact.
The controls are hard to document and test and implementation isn't easy, see this for guidance--Treasury
or piece on 'Follow the Money Trail'
I spent four hours on this site
Audit Reference Center
, internal auditor dream.
Our audit team is pushing rally hrd to keep the level of usefulness high when we write our recomendations. We obviously can't blur the line into internal consulting--just not worth the implications. we can, however, be more prescriptive when offering guidance.
Our audit commitee is panicked about us focusing too much attention on Sarbanes Oxley 404 compliance. we're freeing up our time to do' all the other things IA has to do'--as my audit commitee chair said last week.
IIA Discussion boards
very useful resource full with sage advice
discussion board link at left. you don't have to be a member
Audit Reference Center
New resource for Audit teams--Best practices, tools, risk catalogs, work programs, etc--everything we nee to do our audits. I'm not an advertisement--this is just the first time I've seen anyone put all of this stuff together in on place
someone sent me a link to it at www.auditreferencecenter.com, but I think that just passes through to the web address above.
there's a demo at
with free previews.
Audit Director Roundtable Survey on 404
see audit director roundtable survey on sub-certifications: cool stuff for any internal auditor. IIA survey
NEW SEC DOC
produced a quick guide to the new PCAOB FAQ and SEC FAQ. see the summary at the IIA Link here
great sarbanes Oxley book by the Audit Director Roundtable
good ERM BLog
The Audit Director Roundtable
recently added free material that you don't need to log in to get access to. The site has a listing of all of the materials in their libarary for internal auditors
. My company used the RFP tools and audit committee materials to hire and evaluate internal auditor