PR: Audit execs fret over regs, but want SOX to stay

CHICAGO, Mar. 14, 2011 - A new survey of more than 300 chief audit executives (CAEs) by Grant Thornton LLP finds that while nearly half believe that the shifting regulatory landscape poses the greatest threat to their company, a vast majority (88%) do not believe that the Sarbanes-Oxley Act (SOX) should be repealed. Of those that believe SOX should be repealed, the cost of compliance is the main reason for doing so.

"Since the passage of SOX, organizations have had to dedicate significant resources to comply with a host of new laws and regulations," noted Warren Stippich, a Chicago-based partner and Grant Thornton's national Governance, Risk and Compliance solution leader. "Based on discussions with various CAEs during the survey process, many believe that SOX brings a continued focus by management on financial and governance-related controls. However, CAEs believe that compliance audit processes are now well-defined and are currently exploring ways to contribute value creation to the organization well beyond compliance monitoring and reporting."

Cloud computing
Although 69% of CAEs report that their organization uses cloud computing and 45% expect their organization's use of the cloud for hosting applications to increase in the next 12 months, 64% also report that cloud computing is not part of their organization's internal audit plan. In addition, 43% of CAEs have yet to give any thought to security, governance, risk and controls in a cloud environment.

"These results indicate room for improvement in planning, auditing and risk mitigation efforts as cloud computing evolves," said Paul Kanneman, Dallas-based national managing principal of Grant Thornton's Business Advisory Services. "Surprisingly, the security and controls implications of cloud computing are not foremost in the minds of the CAEs we surveyed. However, as more IT activities take place in a cloud environment, CAEs will need to be prepared to address the inherent risks and plan their internal audit approach accordingly."
Other survey findings include:

  • 66% of CAEs report that they are using data analytics to enhance the internal audit function
  • only 72% of CAEs say that their organizations have formal anti-fraud policies and procedures in place
  • 46% of the internal fraud investigations are led by CAEs

Grant Thornton conducted its first annual survey of chief audit executives (CAEs) to provide insights into current trends and identify how internal audit professionals are responding to the changing demands of their profession. The survey covered a range of topics:

  • Internal audit organizational structure and career paths
  • Use of international internal audit resources
  • Board relationships
  • Internal audit technology
  • Risk management
  • Internal audit anti-fraud efforts

To read or download a copy of Grant Thornton's Chief Audit Executive survey, please visit

About Grant Thornton LLP's Chief Audit Executive survey
The 2011 survey of U.S. chief audit executives aimed to uncover how internal audit is adjusting to the changing demands of its role. The survey, conducted in November and December of 2010, had 350 internal audit professional respondents. Respondents came from public and private companies with a wide range of revenues from across the United States. The respondents work in a mix of industries including professional services, consumer products, technology, health care, not-for-profit and manufacturing.

About Grant Thornton LLP
The people in the independent firms of Grant Thornton International Ltd provide personalized attention and the highest quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd, one of the six global audit, tax and advisory organizations. Grant Thornton International Ltd and its member firms are not a worldwide partnership, as each member firm is a separate and distinct legal entity.
In the U.S., visit Grant Thornton LLP at


Advertisement. Closing in 15 seconds.