IIA Calls on Congress to Modernize SOX Act

The Sarbanes‑Oxley Act, passed in 2002 after corporate scandals, has become the backbone of U.S. corporate governance, mandating rigorous internal controls and executive certifications. While the law succeeded in restoring investor confidence, two decades of digital transformation, data‑driven risk, and evolving audit practices have exposed rigidity in its language. Companies now grapple with duplicated reporting, manual testing, and rising compliance budgets, prompting lawmakers to reassess whether the original framework still delivers optimal protection without stifling innovation.

The Institute of Internal Auditors (IIA) has taken a proactive stance, issuing a policy paper that spotlights the missing definition of the internal audit function within SOX. By codifying internal audit standards and clarifying responsibilities under Sections 302 and 404, the IIA argues firms can streamline assurance activities, eliminate redundant work, and better align internal and external auditors. The paper also highlights emerging technologies—such as automated control testing and AI‑driven risk analytics—as tools to lower costs while preserving the law’s investor‑protection intent.

If Congress adopts the IIA’s five recommendations, the ripple effect could reshape the assurance ecosystem across America’s capital markets. Clear legal language would give boards and executives confidence in audit outcomes, while cost reductions could free resources for strategic initiatives. Moreover, a formal channel for internal auditors to engage regulators would ensure future rulemaking reflects on‑the‑ground expertise, fostering a more resilient and adaptable compliance environment. Stakeholders from public companies to investors stand to benefit from a modernized SOX that balances rigor with efficiency.