Sarbanes-Oxley Act (SOX) 2002: Key federal legislation that sets requirements for public company boards, management, and public accounting firms. Particularly important are Sections 302 and 404 which address corporate responsibility for financial reports and assessment of internal controls.
Dodd-Frank Wall Street Reform: Comprehensive financial reform legislation passed in response to the 2008 financial crisis, affecting internal audit requirements for financial institutions and public companies.
FDICIA: Federal Deposit Insurance Corporation Improvement Act which requires annual management assessments of internal control over financial reporting and external auditor attestation.
Bank Secrecy Act (BSA): Key regulation for financial institutions requiring internal controls and audit procedures to prevent money laundering and ensure financial crime compliance.
HIPAA: Health Insurance Portability and Accountability Act that sets standards for protecting sensitive patient data, requiring specific internal audit procedures in healthcare organizations.
SEC Regulations: Securities and Exchange Commission regulations governing public companies, including requirements for internal controls and financial reporting.
Federal Acquisition Regulation (FAR): Comprehensive set of rules governing the federal government's purchasing process and requirements for government contractors' internal control systems.
IIA Standards: Institute of Internal Auditors' International Professional Practices Framework providing guidance for internal audit profession and practices.
GAAS: Generally Accepted Auditing Standards providing framework for conducting financial statement audits by internal and external auditors.
COSO Framework: Committee of Sponsoring Organizations framework providing comprehensive guidance on internal control, enterprise risk management, and fraud deterrence.
State Corporate Governance Laws: Various state-specific regulations governing corporate operations and internal control requirements.
Data Privacy Laws: Including state data breach notifications laws, CCPA, and GDPR considerations for handling personal data in audit processes.
FCPA: Foreign Corrupt Practices Act requiring companies to maintain accurate books and records and implement adequate internal accounting controls.
AML Regulations: Anti-Money Laundering regulations requiring specific internal control and audit procedures to prevent financial crimes.
Whistleblower Protection Laws: Federal and state laws protecting individuals who report violations, requiring specific internal audit procedures for handling reports.
ISO 31000: International standard providing principles and guidelines for effective risk management, important for internal audit risk assessment.
ERM Framework: Enterprise Risk Management framework providing integrated approach to identifying, measuring, and managing organizational risks.
