Internal auditors are finally starting to adapt to the post-SOX era and "rebalancing" some of their priorities as they return to more traditional audit functions.
A new survey from Protiviti sheds light on this trend, with 24 percent of companies reporting that they have put a renewed focus on activities such as identifying key business risks and potential indicators of fraud, in addition to paying attention to compliance with Sarbanes-Oxley.
SOX is more than five years old now, so it's no surprise that some companies are already starting to take a back-to-basics approach. To achieve rebalancing, Protiviti found that 45 percent of internal audit departments were reducing the total population of controls, 37 percent were reducing the number of key controls and 34 percent said there was an increasing reliance on internal audit by external auditors.
To be sure, SOX is still making its presence felt across the audit profession, and it's still closely intertwined with some of the audit functions that Protiviti defines as traditional. The rebalancing trend isn't exactly new, either. Just because SOX came along, that didn't mean that internal audit departments gave up on all the functions they had been doing up to that point. They just had to do a lot more to achieve compliance. When internal auditors were polled two years ago, 10 percent of them said they were already doing rebalancing.
Rebalancing lets companies do more focused audits on high-risk areas such as IT security and business continuity, while also paying attention to SOX compliance. They often rely heavily on their internal resources to do the rebalancing rather than hiring high-priced outside consultants. These companies know what they need to do in addition to the audit of internal controls that SOX demands.
Evolving audit standards also help. The Public Company Accounting Oversight Board's recently approved Auditing Standard No. 5 lets companies adopt more of a risk-based approach so they can perform audits more cost effectively. AS5 allows smaller, less complex companies to scale the scope of the audit to fit the company better.
Similar adjustments in the post-SOX world should enable more companies to balance their responsibilities to complying with regulations while also fulfilling the myriad other functions performed these days by internal audit departments. At the same time, the rebalancing trend leaves room for external audit firms to provide the expertise needed to deal with SOX and the welter of other regulations that demand compliance.
