What is the single most challenging Sarbanes-Oxley issue today?

Ted Frank

"A Rash Approach to Pain Management"

"Many companies are approaching compliance blinded by the pain, which drives them towards a solution-in-a-box approach for a too narrowly defined and over-simplified problem."

The biggest problem is a natural human behavior that we all see time and time again - people in pain tend to treat the symptom rather than the root cause. We'd all likely agree that SOX compliance is a material source of pain that we want to go away as quickly, simply and effectively as possible. However, there appear to be widely varying approaches to pain management. Not surprisingly, there are many companies hyper-focused on SOX or even components of SOX (such as section 404) taking a niche project approach and making decisions without considering the root requirements of effective and sustainable governance, risk and compliance ("GRC") management. The remarkable question "Does your solution come with a pre-populated COSO framework?" is often asked when discussing solutions, as if there is enough process consistency among companies and SEC/PCAOB clarity that a TurboTax™-equivalent solution is a viable option.

If only it were that simple! In fact, companies will not be well served treating SOX as a short-term problem with a "solution in a box" mentality, for SOX and other compliance requirements are ongoing, evergreen processes. An astounding 50% of companies in a recent poll conducted by our company communicated that their current solution will need to be replaced due to functionality inadequacies - and this is only within the context of SOX. The cost of such action will be equally astounding and could have been avoided. Creating these sustainable, evergreen processes requires thoughtful consideration of the consistent characteristics of such processes and the associated security, change management, periodicity, integration and other requirements. The decisions made today regarding process and technology will have substantial impact on the long-term cost of not only SOX compliance but of overall GRC management and our performance as corporate leaders. If, as a corporate leader, you are not intimately involved in these strategic decisions, you're not taking seriously your governance obligations. The ramifications are great.

There are a few basic questions you can ask your team to evaluate whether they are treating the symptom or the cause: How will the process work next year? How does the solution adapt or change as our organization changes through acquisition, divestiture or organic growth? How will the SOX solution contribute information to business performance? How will the solution support [insert another compliance specific to your company here]? No answers or clearly inadequate answers should be material cause for concern. Those of us who think about GRC every day believe we are at the cusp of an amazing evolution of GRC technology that will require deep understanding of these types of GRC processes (the root cause) and a commitment to building a consistent, sustainable and adaptable framework that can be tailored to the unique way in which your business operates. Investing the time now to understand the root cause will yield significant dividends in the short and long term.

Ted Frank is the CEO of Axentis, LLC., a provider of managed service software to address specific compliance problems as well as enterprise-wide GRC initiatives. Axentis Enterprise helps companies manage financial, operating and regulatory risk, implementing processes that improve business performance and increase shareholder value. Axentis has more than 500,000 users in more than 100 countries.
