Section 404 of SOX requires management’s development and monitoring of procedures and controls for making their required assertion regarding the adequacy of internal controls over financial reporting as well as the required attestation by an external auditor, regarding management’s assertion. Section 302 deals with management’s quarterly certification of not only financial reporting controls, but also disclosure controls and procedures. The Act in itself places the responsibility for the compliance of the provisions with the management, which in no case be delegated or abdicated. Although the internal auditors are required to be extensively involved in the SOX project owing to the fact that the project falls within the natural domain of internal auditor’s expertise they are not directly responsible for its compliance as the Act does not place any responsibility on the internal auditors. However, for all practical purposes the internal auditor shall support the management in the discharge of these responsibilities. The internal auditor’s role in the organization for complying with SOX can be significant, but it should be compatible with the overall mission and charter of the internal audit function. Regardless of the type and level of involvement, it should not impair the objectivity and capabilities of the internal audit function for covering major risk areas of their organizations. Thus the internal audit function’s role should be one of support through consulting and assurance.