Maximising the value and effectiveness of the internal audit function requires an understanding of an organization's objectives, risks, risk management priorities, regulatory environment, and the diverse needs of critical stakeholders including executive management, the board, audit committees, employees, and shareholders. Ultimately, these needs determine the risk profile of the organization and the strategic focus of the organization, resources and practices required of its internal audit department.
As companies comply with the reporting requirements of Sections 302 and 404 of the US Sarbanes-Oxley Act, internal auditors are coming to grip with their role and involvement in these initiatives. These questions include both short-term issues during the implementation phase, as well as longer-term questions on the role and responsibilities of internal audit in the process. Although the Sarbanes-Oxley Act spells out the various roles of management, the audit committee, and the external auditors, it does not specifically address the role of internal auditors. In a post Sarbanes-Oxley world, the internal audit function needs to walk a fine line between providing assurance and consulting to management without impairing its objectivity and independence.