The Sarbanes-Oxley Act (SOx) is a U.S. law enacted in 2002 to improve financial reporting audit processes and to correct a series of board of director, public accounting, and other practices. It has had a major impact on businesses first in the United States and now worldwide. While many of SOx’s new auditing and internal control rules directly changed many financial reporting and external auditor practices, SOx also had a major impact on internal auditors. A general understanding of SOx, with an emphasis on its Section 404 internal accounting control rules, is a key CBOK requirement for all internal auditors.

SOx became law in the United States as a response to a series of accounting misdeeds and financial failures at some once-major corporations such as Enron and WorldCom. A major component of SOx is the Public Company Accounting Oversight Board (PCAOB), an independent entity that sets U.S. external auditing standards and regulates the public accounting industry. Those auditing standards are set at very high levels. For example, the sections following will introduce the PCAOB’s Auditing Standard No. 5, or AS5. SOx introduced major changes that have impacted corporate governance, accounting, and financial reporting audit processes. SOx is a wide-ranging set of requirements that has redefined both how we govern public enterprises and how we attest that their reported financial results are fairly stated.

Most of the business and auditor ...