Adding Increased Value—The IT Auditor's Role in a SOX Audit

The year is 2018. It is well over a decade since the US Sarbanes-Oxley (SOX) Act was enacted into law. Yet, the full value of IT auditors is not being fully realized in a SOX audit. When a substantive audit is being performed where application controls are not being relied upon, could there be risk that needs to be tested, or at least identified, by an IT auditor even if application controls are not playing a role?

IT auditors can add more value to a SOX audit because of a gap in the auditing process between the functional auditors and the IT auditors. This gap will be illustrated in the most important control for every organization subject to SOX: controls over journal entries (JEs).

Learn More