Sarbanes-Oxley Act (SOX): Federal law that establishes requirements for internal control testing and documentation, including Section 404 requirements for management's assessment of control effectiveness and internal control requirements
FFIEC Guidelines: Federal Financial Institutions Examination Council guidelines covering transaction testing standards, sampling methodologies, and risk assessment requirements
Generally Accepted Auditing Standards (GAAS): Professional standards that outline requirements for conducting audits, including documentation requirements and testing procedures
IIA Standards: Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing, providing testing methodology guidelines and documentation requirements
Bank Secrecy Act (BSA) and AML Requirements: Regulations governing transaction monitoring requirements and sampling requirements for suspicious activity detection and anti-money laundering compliance
Industry-Specific Regulations: Sector-specific requirements including Federal Reserve regulations for financial institutions, SEC requirements for public companies, HIPAA for healthcare, and PCI DSS for retail
State-Specific Audit Requirements: Variable requirements depending on the state where business operates, including state-specific financial regulations and audit standards
Foreign Corrupt Practices Act (FCPA): Federal law governing international transactions, including anti-bribery provisions and books and records requirements for companies operating internationally
