Sarbanes-Oxley Act implementation has turned into an auditor-driven, “check the box” exercise.[@@]
Cynthia Glassman, a GOP-appointed member of the U.S. Securities and Exchange Commission, gave that assessment Wednesday during a speech in Washington.
As a result of the misdirected implementation of Section 404 of SOX, which deals with internal controls documentation, “what was meant to be a top-down, risk-focused management exercise became a bottom-up, ‘check the box,’ auditor-driven exercise,” Glassman said, according to a written version of her remarks.
At roundtable discussion in April, participants noted that Section 404 had helped to raise awareness of the importance of the internal audit function, Glassman said.
But Glassman observed that most of the discussion focused on excessive cost. “One of the most worrisome statements I heard was that while many companies initially set the scope of internal controls review through a risk-based approach, their framework was scrapped for the coverage-based, all inclusive approach of the auditors,” she said.