Since the Sarbanes-Oxley Act of 2002 (SOX) was enacted, there have been significant developments in technology, methodology, and business and operating environment; however, the SOX program at many companies may not have evolved at the same pace, or at all. Through modernization, a company can optimize its SOX program, achieve efficiencies, extract value and insights, and potentially lower the related cost of compliance while still achieving reasonable assurance for regulatory compliance.
It’s time to refresh and rethink SOX
Many programs and processes at companies can succumb to the proverbial saying, “If it ain’t broke, don’t fix it.” This can be exacerbated by competing priorities due to an evolving business environment, new or revised regulatory requirements, changing technology, and so on. For many public companies, the program established to comply with the regulatory requirements of SOX may have also fallen into a “rinse and repeat” pattern.
A SOX program that has not been challenged in years may be stale, which could be a drain on resources and impede performance, particularly if this compliance program is treated more like a “check-the-box” activity.
After having an established SOX program for years, especially one that may not have kept up with the pace of change, it’s time to refresh, rethink, and modernize. Through modernization, a company can optimize its SOX program, achieve efficiencies, extract value and insights to share with other areas of the organization, and potentially lower the related cost of compliance while still achieving reasonable assurance for regulatory compliance.
Operating model optimization
An established governance structure and clear accountability are fundamental to an effective operating model. Defining the overall governance structure of the SOX compliance program can help to ensure there is oversight by those resources with the appropriate skill set and level of authority to drive the strategic vision of the SOX program while defining roles and responsibilities can help drive accountability throughout the company.
After years of complying with SOX, some companies may no longer perform a robust risk assessment through a critical lens. Refreshing the risk assessment can help to determine if there is a shift in which areas that company should focus on due to new or changed risks. There may also be an opportunity to harmonize risk assessment efforts across other compliance activities throughout the organization.
Technology and automation opportunities
Identifying opportunities to automate and digitize can support a company’s efforts to modernize its SOX program. Options for automation include automating control testing, automating control operations, automating an entire process, and implementing a governance, risk, and control (GRC) tool.
Where to go from here
By refreshing and modernizing the SOX program, a company can identify opportunities to increase efficiency, shift focus and efforts to areas that matter most, potentially reduce the cost of compliance, and extract value and provide insights to other areas of the organization beyond finance and accounting, all while still achieving compliance.
Please click here to learn more.