Sarbanes-Oxley Act

Sarbanes-Oxley and corresponding regulatory changes have raised the stakes for senior management and the board of directors, who must now view fraud and misconduct as a broad-based threat and address fraud issues in far greater detail. CEOs and CFOs who certify internal controls only to subsequently discover significant fraudulent activity face the loss of reputation and career as well as the potential for harsh punitive measures.

Sarbanes-Oxley created the Public Company Accounting Oversight Board (PCAOB) to regulate public auditing firms. At first blush, the actions of the PCAOB would seem irrelevant to the internal audit function, as it is beyond the jurisdiction of the PCAOB. However, this is not the case. The PCAOB's Auditing Standard No. 2 requires independent auditors to evaluate and test the design and operating effectiveness of programs and controls intended to mitigate the risks of fraud. This evaluation must assess the "adequacy of the internal audit activity and whether the internal audit function reports directly to the audit committee, as well as the extent of the audit committee's involvement and interaction with internal audit Further, PCAOB Auditing Standard No. 2 mandates that the independent auditor cite, at a minimum, "significant deficiency," and notes that it is a strong indicator of a material weakness if the independent auditor determines the internal audit or risk assessment function to be ineffective. In short, the PCAOB requires independent auditors to evaluate the fraud-related activities of an internal audit function on an annual basis. If this evaluation finds an internal audit function to be deficient, the independent auditor must, at a minimum, issue a finding of a significant deficiency to the audit committee. The auditors must issue an adverse opinion if they conclude that the deficiencies rise to a material weakness.

The code of ethics for each association is similar in several ways including:

Confidentiality

The Institute of Internal Auditors (IIA) states that auditors will keep confidential all information unless there is a professional or legal obligation to do otherwise. The Association of Certified Fraud Examiners (ACFE) states that examiners will not disclose confidential information without proper authorization to do otherwise.

Competence

Both organizations vow to continually increase the competency of their members as stated by the IIA..."apply knowledge, skills, and experience necessary", and by the ACFE: "strive to increase the competence and effectiveness of professional services performed under his or her direction".

Both groups vow "integrity", "professionalism", and to maintain "ethical" and "legal" behavior.

Essentially,