Sarbanes-Oxley and the New Internal Auditing Rules

Preface xi

Chapter 1 Introduction 1

Accounting and Auditing Scandals and Internal Audit 1

What are the New Rules? 3

Who will Find this Book Useful? 7

Chapter 2 Internal Audit and the Sarbanes-Oxley Act 9

“Where were the Auditors?” Standards Failure 10

Sarbanes-Oxley Overview: Key Internal Audit Concerns 12

Impact of the Sarbanes-Oxley Act on the Modern 57

Internal Auditor

Chapter 3 Heightened Responsibilities for Audit Committees 59

Audit Committee Charters and Other Requirements 60

Board’s “Financial Expert” and Internal Audit 64

Helping to Establish Documentation Procedures 67

Controlling Other Audit Services 69

Establishing Open Communications 70

Chapter 4 Launching an Ethics and Whistleblower Program 71

Launching an Organization Ethics Program 72

Establishing a Mission or Values Statement 79

Codes of Conduct 81

Whistleblower and Hotline Functions 89

Auditing the Organization’s Ethics Functions 99

Chapter 5 COSO, Section 404, and Control Self-Assessments 103

SOA Section 404 104

COSO Internal Control Framework 123

Violation Penalties: Organizational Sentencing Guidelines 146

Control Self-Assessments 155

Chapter 6 IIA, CobiT, and Other Professional Internal Audit Standards 165

Institute of Internal Auditors Standards for Professional Practice 165

CobiT and Information Technology Governance 175

ASQ Audit Standards: A Different Approach 183

Chapter 7 Disaster Recovery and Continuity Planning after 9/11 189

Business Continuity Planning and the New Language of Recovery Planning 190

Continuity Planning and Service-Level Agreements 194

New Technologies: Critical Data Mirroring Techniques 195

Establishing Effective Contingency Policies: What are we Protecting? 197

Building the Disaster Planning Business Continuity Plan 198

Testing, Maintaining, and Auditing the Continuity Plan 206

Continuity Planning Going Forward 211

Chapter 8 Internal Audit Fraud Detection and Prevention 213

Red Flags: Fraud Detection for Auditors 214

Public Accounting’s New Role in Fraud Detection 220

IIA Standards for Detecting and Investigating Fraud 223

Fraud Investigations for Internal Auditors 225

Information Systems Fraud Prevention Processes 226

Chapter 9 Enterprise Risk Management, Privacy, and Other Legislative Initiatives 231

Enterprise Risk Management 231

Concurrent with SOA: Other Legislation Impacting Internal Auditors 243

Chapter 10 Rules and Procedures for Internal Auditors Worldwide 257

SOA International Requirements 258

International Accounting and Auditing Standards 259

COSO Worldwide: International Internal Control Frameworks 267

ISO and the Standards Registration Process 272

ITIL Service Support and Service Delivery Best Practices 279

Chapter 11 Continuous Assurance Auditing Future Directions 293

Implementing Continuous Assurance Auditing 294

Internet-Based Extensible Mark-Up Languages: XBRL 302

Data Warehouses, Data Mining, and OLAP 306

Newer Technologies, the Continuous Close, and SOA 311

Chapter 12 Summary: Internal Auditing Going Forward 313

Future Prospects for Internal Auditors 313

Glossary 317

Index 321