The Sarbanes Oxley Act of 2002 (SOX) served to focus auditors' attention, and users' and managements' as well, on internal control.
Was SOX right in identifying internal control as the solution to management fraud? Do you believe the added requirements to report separately on internal control are necessary? Do you think they have worked? And will they work in the future?