< Back

What is the single most challenging Sarbanes-Oxley issue today?

Michael Duffy
President and CEO

As U.S. companies are deep into Year Two of Sarbanes-Oxley compliance, they are re-examining their first year efforts, which included identifying what needed documentation and testing, the inefficient and hard-to-manage manual processes and tools they used and the army of consultants involved, to understand where they can improve and cut costs. Most are finding that taking a rushed initial approach has left them without a comprehensive strategy for ensuring ongoing, cost-effective and efficient governance, risk and compliance management (GRCM). As a result, they must now contemplate revisiting the agonies of high audit costs, expensive consulting sessions and repeating all the work done in Year One. In order to lessen the burden of ongoing compliance costs, forward-thinking companies are beginning to take a more strategic approach to compliance by implementing technology to help automate internals controls reporting and testing and establish a centralized repository of this information to lower costs and make annual compliance a repeatable and sustainable process.

Unanticipated Costs Drive New Approaches
Initially, organizations were focusing their compliance efforts purely on Sarbanes-Oxley. In a recent report, AMR Research found that in 2005 alone, organizations are expect to spend $15.5 billion on a wide range of compliance and risk management programs. AMR also predicts that over the next five years that this amount could increase to $80 billion. This projected increase is being driven by additional reporting requirements, which were initially unforeseen. After spending double their expected compliance budget in their first year of Sarbanes-Oxley compliance reporting, companies discovered that their compliance reporting required additional documentation of internal controls beyond the finance department. Examples of these included IT operations and other areas of the business that affected the financial performance of the company. And as a result, some companies are beginning to implement a broader and more structured businesses strategy to address compliance with an opportunity to establish a more strategic governance, risk and compliance management (GRCM) practice throughout the organization. These companies are recognizing that if they dont begin to address this now, that their compliance costs next year will be at least the same as this year, and possibly higher.

Broader Compliance Requirements Present Strategic Opportunities for Risk Management
Smart companies have also learned that they can leverage their Sarbanes-Oxley compliance efforts to address their broader risk management practices and thereby improve their overall business performance. Now more than ever, management teams are working to create stronger control of operational risks and compliance execution as a way to minimize losses and improve business performance, which is critical to maintaining a positive brand reputation among customers and investors. Having a strong hold over risk management processes is a clear indicator to regulators, customers and investors that leadership is strong within an executive team and that it is being treated with the same sense of urgency as SOX compliance. And finally, the push for improved transparency in financial reporting and increased enterprise-wide accountability by companies who believe they will be stronger and more attractive to investors if they take the opportunity to institute transparency are also realizing the need for strong risk management practices.

To address all these needs, the worlds top organizations are now looking to utilize GRCM-specific technologies to drive inefficiencies out of the compliance process. A powerful, enterprise class application that combines integrated document management, interactive monitoring and compliance automation that scales to thousands of end-users are some of the core capabilities of these types of systems.

Implications to PCAOB Ruling
After receiving criticism and numerous complaints from companies on the impractical costs associated with SOX compliance, the Public Company Accounting Oversight Board recently released guidelines on how companies can reduce their costs and streamline financial reporting efforts. Due to unnecessary costs and requirements that often called for duplicated work, the SEC revamped and clarified portions of Sarbanes-Oxley to help public companies and their auditors comply with internal-controls requirements. The importance of implementing a comprehensive compliance solution to address broader compliance issues, such as operational risk, and aligning it with a companys strategic business plan has been reinforced in light of these new guidelines.

In summary, its clear that the use of technology to automate the process of documenting and reviewing the effectiveness of internal controls will ensure that companies wont repeat the painful and costly processes of their first year of compliance reporting. But technology alone will not be enough to reap the full benefits to be gained. Now is the time to adopt a more strategic approach to compliance. By implementing a GRCM strategy, smart businesses can reduce their ongoing costs, minimize regulatory and operational risk and turn compliance into a repeatable, sustainable, and cost effective process.

About Us Editorial

© 2019 Simplex Knowledge Company. All Rights Reserved.   |   TERMS OF USE  |   PRIVACY POLICY