Tag Archives: SOX

Internal Audit changing expectations: from a controls-focused approach to a risk-centric mindset

Rapid change is quickly transforming the practice of internal audit raising significant issues for audit leaders and their chief stakeholders. As I highlighted in the article “Internal Audit Changing Expectations,” written for the “Financial Audit” Journal (published in April 2009), there is a clear gap between the current focus of many internal audit functions and where they need to set their sights in order to deliver greater value to their stakeholders.

Since the passage of the Sarbanes-Oxley Act (2002), internal audit groups have been concentrating on financial and compliance risks, traditional areas of focus where their confidence levels are typically high. Consequently, to address the rising expectations of their chief stakeholders, internal audit groups tend to sharpen their focus on strategic, operational, and business risks.

Within the article I concluded that, throughout the next years, the value of controls-focused approach is expected to diminish as internal audit tends to adopt a risk-centric mindset. Study results indicate that five identifiable trends – globalization, changes in risk management, advances in technology, talent and organizational issues and changing internal audit roles – will have the greatest impact on internal audit in the coming years.

You may find bellow a PDF copy of the article (Romanian version with English abstract):
“Internal Audit Changing Expectations,” Financial Audit Magazine No.4(52), Chamber of Financial Auditors of Romania, Bucharest, April 2009, 26-34


The impact of Sarbanes-Oxley Act on Romanian companies

“The impact of Sarbanes-Oxley Act on Romanian companies” is an article written for the “Financial Audit” Journal in July 2008. The article evaluates the benefits of the Sarbanes-Oxley Act for shareholders by studying the lobbying behaviour of investors and corporate insiders to affect the final implemented rules under the Act.

All over the world, regulatory pressures have overshadowed the risk management function for the past few years and we may see a high impact on Romanian companies as well. SOX compliance brings high regulation costs as well as competitive benefits such as improved ability to prevent, quickly detect, correct, and escalate critical risk issues, reduced cost of risk management by improved sharing of risk information and integration of existing risk management functions.

However, SOX compliance not only refers to financial side of corporations, but also to the IT departments considering the corporations’ electronic records and access rights. The lack of controls over spreadsheets has been a contributing factor in financial reporting errors at a number of companies. In this article, you may find examples to highlight the importance of understanding how spreadsheets are used in a company’s financial reporting process and evaluating the controls over spreadsheets as part of the company’s overall Section 404 process.

You may find bellow a PDF copy of the article (Romanian version with English abstract):
“The Impact of Sarbanes-Oxley Act on Romanian companies,” Financial Audit Magazine No.7(43), Chamber of Financial Auditors of Romania, Bucharest, July 2008, 12-18