Linda Palmer Linda Palmer - Assessment of SOX implementation - from an Internal Audit perspective, pp. 50. MAM/Sektionen för Management, 2007.
Title: “Assessment of SOX – from an Internal Audit perspective”
Author: Linda M Palmer
Supervisor: Britt Aronsson
Institution: School of Management, Blekinge Institute of Technology
Course: Master Thesis in Business Administration, 10 credits
Purpose: The purpose of this thesis has been to assess the workload, benefits, challenges, requirements and obligations that implementation of the Sarbanes Oxley Act of 2002 (“SOX”) has posed on Internal Auditors and their companies, from Internal Audits’ point of view. The analysis also compares one accelerated filer and one non-accelerated filer to understand difference and similarities between different sized companies in the initial SOX compliance and implementation phase (documentation, risk analysis, gap identification & remediation and testing).
Methods: Quantitative primary and secondary data was used for the research study using a qualitative collection approach. A questionnaire was used as the primary data and was sent to Internal Auditors’ for one accelerated filer and one non-accelerated filer. The secondary data used consisted of audit consultant reports were used to add substance to the empirical chapter.
Results: Internal Auditors are faced by challenges posed by the SOX law, but there are also many benefits once the internal controls are in place. Main benefits as perceived by the Internal Auditors in the study include an understanding of responsibilities within the organization as well as fraud, corruption, breaches of codes of conduct minimization and a more effective Board of Directors. Difficulties facing the Internal Auditors in charge of SOX were mainly concerning managements understanding of responsibilities that SOX adds to the organization and to the Internal Audit department, support to Internal Auditors and the audit committee’s lack of SOX knowledge. The most challenging areas of the implementation phase were documentation, testing process, gap remediation and senior management support. The big difference between the accelerated and non-accelerated filer were management’s knowledge about SOX; the accelerated filer has senior management who understand their responsibilities under the SOX Act, while this is not the case for the non-accelerated filer.