The IIA Calls for Modernizing SOX to Strengthen Investor Protection and Improve Efficiency
Press Release | Advocacy | March 17, 2026
LAKE MARY, Fla (March 17, 2026) – The Institute of Internal Auditors has released a public policy position paper outlining recommendations to modernize the Sarbanes-Oxley Act (SOX). As Congress considers evaluating the effectiveness and cost of SOX compliance, the paper offers practical recommendations to help regulators strengthen investor protections while improving operational efficiency.
“Since its enactment more than two decades ago, SOX has served as a cornerstone of corporate governance, financial reporting integrity, and confidence in U.S. capital markets,” said Anthony Pugliese, President and CEO of The IIA. “As the risk landscape continues to evolve, it is important that SOX evolves with it. Policymakers and governance leaders have an opportunity to ensure the law continues to protect investors and strengthen financial markets while also promoting greater efficiency and reducing unnecessary compliance burdens.”
A central theme of The IIA’s recommendations is the importance of better integrating the internal audit profession into the SOX framework. Despite the critical role internal audit functions play in supporting SOX compliance and strengthening internal controls, the law does not formally define or recognize internal auditing. This lack of clarity can create operational inefficiencies, duplicative efforts, and unnecessary costs.
To address these challenges, The IIA outlines five key recommendations for policymakers should Congress examine potential updates to the law:
- Enhance legal and regulatory clarity by codifying the definitions of “internal auditing” and the “internal audit function” and recognizing the profession’s standards, roles, and responsibilities in providing assurance to governing bodies and executive management while supporting SOX compliance.
- Re-examine contemporary understandings of compliance in relation to Sections 302 and 404 of SOX, with particular attention on the role internal audit functions play in helping organizations meet these requirements.
- Strengthen the partnership between internal and external auditors to improve coordination across the broader assurance ecosystem.
- Explore opportunities for SOX compliance cost reductions, including through the use of emerging technologies and more effective collaboration with internal audit functions.
- Encourage deeper engagement between regulators and the internal audit profession, ensuring that internal auditors have a voice in policy discussions and that stakeholders better understand the value internal audit provides in protecting investors and capital markets.
The IIA remains committed to serving as a technical resource to Congress and federal regulators as they consider the future of SOX and opportunities to strengthen U.S. capital markets.
For additional information and resources related to SOX, policymakers and their staff may contact The IIA’s Advocacy team at advocacy@theiia.org.
About The Institute of Internal Auditors
The Institute of Internal Auditors (The IIA) is an international professional association that serves more than 265,000 global members and has awarded more than 200,000 Certified Internal Auditor® (CIA®) certifications worldwide. Established in 1941, The IIA is recognized throughout the world as the internal audit profession’s leader in standards, certifications, education, research, and technical guidance. For more information, visit theiia.org.