Sarbanes-Oxley and the New Internal Auditing Rules

Sarbanes-Oxley and the New Internal Auditing Rules thoroughly and clearly explains the Sarbanes-Oxley Act, how it impacts auditors, and how internal auditing can help with its requirements, such as launching an ethics and whistle-blower program or performing effective internal controls reviews under the COSO framework. With ample coverage of emerging rules that have yet to be issued and other matters subject to change, this book outlines fundamental blueprints of the new rules, technological developments, and evolving trends that impact internal audit professionals.

Order your copy today!

Preface xi

Chapter 1 Introduction 1

Accounting and Auditing Scandals and Internal Audit 1

What are the New Rules? 3

Who will Find this Book Useful? 7

Chapter 2 Internal Audit and the Sarbanes-Oxley Act 9

“Where were the Auditors?” Standards Failure 10

Sarbanes-Oxley Overview: Key Internal Audit Concerns 12

Impact of the Sarbanes-Oxley Act on the Modern 57

Internal Auditor

Chapter 3 Heightened Responsibilities for Audit Committees 59

Audit Committee Charters and Other Requirements 60

Board’s “Financial Expert” and Internal Audit 64

Helping to Establish Documentation Procedures 67

Controlling Other Audit Services 69

Establishing Open Communications 70

Chapter 4 Launching an Ethics and Whistleblower Program 71

Launching an Organization Ethics Program 72

Establishing a Mission or Values Statement 79

Codes of Conduct 81

Whistleblower and Hotline Functions 89

Auditing the Organization’s Ethics Functions 99

Chapter 5 COSO, Section 404, and Control Self-Assessments 103

SOA Section 404 104

COSO Internal Control Framework 123

Violation Penalties: Organizational Sentencing Guidelines 146

Control Self-Assessments 155

Chapter 6 IIA, CobiT, and Other Professional Internal Audit Standards 165

Institute of Internal Auditors Standards for Professional Practice 165

CobiT and Information Technology Governance 175

ASQ Audit Standards: A Different Approach 183

Chapter 7 Disaster Recovery and Continuity Planning after 9/11 189

Business Continuity Planning and the New Language of Recovery Planning 190

Continuity Planning and Service-Level Agreements 194

New Technologies: Critical Data Mirroring Techniques 195

Establishing Effective Contingency Policies: What are we Protecting? 197

Building the Disaster Planning Business Continuity Plan 198

Testing, Maintaining, and Auditing the Continuity Plan 206

Continuity Planning Going Forward 211

Chapter 8 Internal Audit Fraud Detection and Prevention 213

Red Flags: Fraud Detection for Auditors 214

Public Accounting’s New Role in Fraud Detection 220

IIA Standards for Detecting and Investigating Fraud 223

Fraud Investigations for Internal Auditors 225

Information Systems Fraud Prevention Processes 226

Chapter 9 Enterprise Risk Management, Privacy, and Other Legislative Initiatives 231

Enterprise Risk Management 231

Concurrent with SOA: Other Legislation Impacting Internal Auditors 243

Chapter 10 Rules and Procedures for Internal Auditors Worldwide 257

SOA International Requirements 258

International Accounting and Auditing Standards 259

COSO Worldwide: International Internal Control Frameworks 267

ISO and the Standards Registration Process 272

ITIL Service Support and Service Delivery Best Practices 279

Chapter 11 Continuous Assurance Auditing Future Directions 293

Implementing Continuous Assurance Auditing 294

Internet-Based Extensible Mark-Up Languages: XBRL 302

Data Warehouses, Data Mining, and OLAP 306

Newer Technologies, the Continuous Close, and SOA 311

Chapter 12 Summary: Internal Auditing Going Forward 313

Future Prospects for Internal Auditors 313

Glossary 317

Index 321

ROBERT R. MOELLER is an internal audit specialist and project manager with a strong understanding of information systems, corporate governance, and security. A CPA, CISA, and a CISSP, Moeller has managed several information systems audit functions and served as audit director for Sears Roebuck. In the late 1990s, Moeller launched a business, Compliance and Control Systems, that delivered seminars throughout the United States on corporate governance, COSO, and the importance of Codes of Conduct well before Sarbanes-Oxley and today's interest in those areas. A frequently published author and professional speaker, Moeller provides insight into many of the new rules impacting internal auditors today as well as the challenges audit committees face when dealing with Sarbanes-Oxley, internal controls, and their internal auditors.

Sarbanes-Oxley and the New Internal Auditing Rules

The enactment of the Sarbanes-Oxley Act in 2002 by the U.S. Congress marked a major change for both internal and external auditors, corporate senior management, boards of directors, and many others. Internal auditors now have new, greater responsibilities to their audit committees, to external auditors, and for overall corporate governance.

Sarbanes-Oxley and the New Internal Auditing Rules thoroughly and clearly explains the Sarbanes-Oxley Act, how it impacts auditors, and how internal auditing can help with its requirements, such as launching an ethics and whistle-blower program or performing effective internal controls reviews under the COSO framework. With ample coverage of emerging rules that have yet to be issued and other matters subject to change, this book outlines fundamental blueprints of the new rules, technological developments, and evolving trends that impact internal audit professionals.

To be helpful in the current global climate, this guide's broad coverage looks at a wide range of processes, including disaster recovery and business continuity practices, and fraud detection and prevention following SAS 99. Even if internal auditors don't initiate these practices, understanding such best practices can be helpful in reviewing current approaches or recommending improvements.

This timely and relevant resource addresses new trends and legislation that are impacting internal auditors, including HIPAA and its privacy rules (which affect a wide range of organizations and systems outside of health care), fraud detection and prevention, risk management, the Institute of Internal Auditors' new internal audit standards, and a new COSO Enterprise Risk Management (ERM) framework, which will soon become an important new rule for internal auditors.

Sarbanes-Oxley and the New Internal Auditing Rules is an essential resource for auditors, CFOs, audit committee members, and others in need of a reliable reference for navigating the new role of the auditor within today's changing corporate environment.

Sarbanes-Oxley and the New Internal Auditing Rules

The enactment of the Sarbanes-Oxley Act in 2002 by the U.S. Congress marked a major change for both internal and external auditors, corporate senior management, boards of directors, and many others. Internal auditors now have new, greater responsibilities to their audit committees, to external auditors, and for overall corporate governance.

Sarbanes-Oxley and the New Internal Auditing Rules thoroughly and clearly explains the Sarbanes-Oxley Act, how it impacts auditors, and how internal auditing can help with its requirements, such as launching an ethics and whistle-blower program or performing effective internal controls reviews under the COSO framework. With ample coverage of emerging rules that have yet to be issued and other matters subject to change, this book outlines fundamental blueprints of the new rules, technological developments, and evolving trends that impact internal audit professionals.

To be helpful in the current global climate, this guide's broad coverage looks at a wide range of processes, including disaster recovery and business continuity practices, and fraud detection and prevention following SAS 99. Even if internal auditors don't initiate these practices, understanding such best practices can be helpful in reviewing current approaches or recommending improvements.

This timely and relevant resource addresses new trends and legislation that are impacting internal auditors, including HIPAA and its privacy rules (which affect a wide range of organizations and systems outside of health care), fraud detection and prevention, risk management, the Institute of Internal Auditors' new internal audit standards, and a new COSO Enterprise Risk Management (ERM) framework, which will soon become an important new rule for internal auditors.

Sarbanes-Oxley and the New Internal Auditing Rules is an essential resource for auditors, CFOs, audit committee members, and others in need of a reliable reference for navigating the new role of the auditor within today's changing corporate environment.