Importance of Internal Assessments Before SOX Audits


Many organizations find themselves at odds with their auditors’ findings about the organization’s risk mitigation policies and procedures. The conflict likely arises because the auditor requires adherence to standards and guidelines that are not cost-effective for the organization to implement. It’s not necessarily that the risk does not exist, but the risk must be analyzed on the basis of frequency and impact, not solely on the basis of its nature. Both parties will agree that the risk exists, but they will differ, often widely, on the likelihood of the risk occurring and its impact on the organization, and thus on the organization’s financial commitment to reduce the risk. Bad blood between the parties is a likely result, but it shouldn’t have to be this way.

The solution to this “SarBox Struggle” is for the organization to perform a thorough assessment before the audit takes place. This is, in fact, one of the requirements of Sarbanes-Oxley compliance as per the COSO framework: the continual monitoring and assessment of controls and policies to ensure they are effective and relevant. However, if your organization is not performing regular assessments, you’re more than likely to be hit with an unacceptable audit review and requirements to implement tough standards and strict policies to address perceived risks.

As part of the organization’s assessment, the justification for the levels of risk management should be documented before the audit. The organization must show the balance between the risk (should it occur) and the cost to reduce the risk. Having done so, the organization has shown its own due diligence in performing the risk assessment, and will likely be in a better position to negotiate with the auditor what is and is not acceptable risk mitigation.

Risk $ versus Reduction $

An assessment of risks should be made routinely and before the audit, and include:

– Frequency
– Impacts
– Costs
– Damage Control


Guest Author: Norman Katz

Copyright © Katzscan, Inc. – Source: Supply Chain Fraud White Paper
