
What is the single most challenging Sarbanes-Oxley issue today?

Mark Opausky
Business Propulsion Systems

Simply stated, SOX's biggest roadblock within a large organization has to do with the shift in culture that involves thinking of your job in terms of risk to the organization at large.

Doing this across the enterprise challenges the long-held operational or disciplinary silos found in most organizations. In most large organizations, regulatory compliance falls on the shoulders of the audit department, which reports to the CFO.

More and more, we are seeing the title of Chief Compliance Officer or Chief Risk Officer, a role responsible for all things related to complying with such regulations as SOX, HIPAA, GLBA, Regulation FD and more. Of course, with SOX, more than just the CFO needs to ensure that the organization is in compliance. Others whose job it is to make sure compliance is achieved include the CEO, the President, and board members.

We all know that, when it comes to accountability, SOX requires public company CEOs and CFOs to certify that the financial statements their companies issue are accurate. But imagine how challenged they must be when you consider that 80% of U.S. workers have never heard of SOX and only 9% say they have been asked to do something differently in their jobs as a result of SOX, according to a Hudson Financial Solutions survey.

The point here is that SOX is everybody's job, not just the finance team's role. If the information provided to the SEC is wrong, then criminal as well as civil penalties can result. That would have a major impact on a company, and ultimately cost people at all levels their jobs.

Because any enterprise is only as strong or as ethical as its weakest or most unethical employee, the blame for a poor control environment must be shouldered throughout the entire organization. This means the entire organization, and each and every person who works there, should be tuned in to internal control, tuned in to SOX.

In todays work environment, employees often work in narrowly defined roles that might actually fly in the face of and even negate the bigger picture of corporate accountability. In order for strong controls to be an integral part of day-to-day operations, management must take steps to ensure theres a clear organization-wide understanding and appreciation of the important elements of control  the control environment, risk assessment, control activities, information and communication.

Whats needed is a holistic unified approach, to understanding and repairing a risk control structure. For example, departments within the company need to agree on what standards they will use to assess risk and to identify priorities for process improvement.

For instance, Internal Audit may view SOX compliance through one set of lenses, while the CFO might look at it through still another set.

The second thing that will need to be achieved is to build a recurring process around the compliance processes, to institutionalize them and drive change throughout the organization. Large institutions that embrace compliance need to do a good job of it, in such a way that it works for them.

Compliance is mostly about establishing and formalizing best practices based on a set of formal regulations. Compliance is the process of adhering to a set of guidelines or rules established by government agencies, standards groups or internal corporate policies. Adhering to compliance-related requirements can be challenging for some of the following reasons:

• The regulations are new, so there is no blueprint to follow

• Staff may not see the entire view of regulations and may focus on only one aspect, with the result of missing out on other regulations

• Regulations can overlap, or even conflict, so it's difficult to decide what process to follow

• Different countries may have different rules that may create conflicts

• Regulations can change over time, and systems will need to be updated to meet the new code as well

Based on a review of the above, compliance becomes a continuous process that will need to not only meet the wide variety of regulations, but also help make the business more efficient as a result.

The bottom line is that, from now on, a significant part of a company's budget and resources will be spent on ongoing compliance initiatives. The trick is how to turn compliance into a system that can be part of everyone's job to drive the business forward AND meet with regulations.

Mark Opausky is the CEO and founder of BPS.

In 2000, Mr. Opausky was the originator of the Convergence Process Model, a lean-process, conceptual approach to working with risk in dynamic business environments. Previously, Mr. Opausky directed global client and program management for large scale engineering companies, including Dana Corporation and Echlin Incorporated.

Mr. Opausky managed product portfolios in excess of $200 million on behalf of DaimlerChrysler, Ford, General Motors, and others. He currently writes and speaks about effective process and project execution and the role of technology in governance, risk, and compliance. He was nominated 2003 Entrepreneur of the Year by Ernst and Young.

Mr. Opausky was educated at McMaster University in Canada where he graduated with distinction with a bachelor of engineering majoring in biomedical and device material processing.

© 2019 Simplex Knowledge Company. All Rights Reserved.