18–10. Internal Auditing Policies for Best Practices (Chapter 15)
The company shall comply with all internal control provisions of the Sarbanes-Oxley Act. This policy seems redundant—why state that you agree to follow the law? However, most Sarbanes provisions apply only to publicly held companies, so this policy is a useful one for privately held companies who wish to upgrade their control standards to those of public firms. Also, complying with the policy likely requires extensive funding of the internal audit department.
Impacted best practices:
Annually update an internal control assessment of each business unit
Create a control standards manual
Schedule internal audits based on risk
Assign internal auditors to system development teams
All company managers are responsible for meeting the control provisions of the Sarbanes-Oxley Act. This policy is especially useful in forcing managers throughout a company to consider control issues as part of their ongoing activities.
Impacted best practices:
Issue self-audit guides to business units
Train business unit staff on control issues
Train new business unit managers on control issues
Get Accounting Best Practices, Fifth Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
