Perhaps even more than new rules, new tools are changing the way audit reports look and are produced. As the IIA revises the professional standards to clarify internal audit's role with respect to post-SOX reporting, software wizards are creating integrated and automated methods of collecting, reviewing, and storing data, and the audit process is being transformed. What was manual and detective is becoming automated and preventive.
According to an independent risk consulting firm:
As companies simplify, standardize and automate their processes, they can expect greater emphasis on preventive controls (versus the detective controls that institutionalize costly and non-value added rework into processes) as well as increased emphasis on systems-based controls (versus the more costly, people-based controls)…. As companies eliminate rework and build quality into their processes, they will reduce the number of manual journal entries required to close the books, streamline account reconciliation activity, deploy available configurable controls, and reduce the number of spreadsheets by transferring spreadsheet activity functionality into the organization's ERP system.1
From an IT standpoint, a major effect of SOX has been greater focus on protecting the integrity of corporate data. SOX compliance calls for identifying data that is subject to regulation, then defining data management policies that, when followed, will fulfill the legal requirements regarding ...