18–10. Internal Auditing Policies for Best Practices (Chapter 15)
The company shall comply with all internal control provisions of the Sarbanes-Oxley Act. This policy seems redundant—why state that you agree to follow the law? However, most Sarbanes provisions apply only to publicly held companies, so this policy is a useful one for privately held companies who wish to upgrade their control standards to those of public firms. Also, complying with the policy likely requires extensive funding of the internal audit department.
Impacted best practices:
Annually update an internal control assessment of each business unit
Create a control standards manual
Schedule internal audits based on risk
Assign internal auditors to system development teams
All company managers are responsible for meeting the control provisions of the Sarbanes-Oxley Act. This policy is especially useful in forcing managers throughout a company to consider control issues as part of their ongoing activities.
Impacted best practices:
Issue self-audit guides to business units
Train business unit staff on control issues
Train new business unit managers on control issues
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access