Benefits of linking SOX requirements to business strategy
The Sarbanes-Oxley Act was a motion made by U.S. Congress in
2002. The proposal was passed into law as a preventative means to increase
financial transparency and mitigate fraud in corporate business. This law was a
reaction to corporate scandals such as Enron, Tyco and WorldCom. While this law created a huge burden on organizations, many found ways to use SOX and apply it to their business strategies.
Criteria for SOX
Sarbanes-Oxley, often referred to as "SOX", is a
corporate governance edict that has specific criteria companies must adhere to,
or face a stiff penalty. The law affects all publicly traded companies that
fall under the jurisdiction of the U.S. Securities and Exchange commission; any
company that is traded on any U.S. stock exchange must follow SOX requirements.
Additionally, companies that generate $75 million or more in
market capital must also comply with SOX. Foreign companies are not exempt, any
business that operates or resides out of U.S. territory, but is listed for
trade on American stock exchanges must also observe SOX regulations.
Businesses thrown a curve
This law, and the requirements that came with it threw a
huge curve to many businesses because of the high costs and procedural changes
associated with bringing up business processes to reflect compliance. The high
initial expenses involved with implementing new accounting procedures and
documenting transactions was a burden for many companies, but one that had to
be done in order to be compliant with SOX. This meant businesses needed to
create the best practices for compliance with SOX and find ways for these
processes to be cost-effective at the same time. Linking compliance with
business strategy is one way to do this.
Linking SOX to business strategy
Section 404 of the legislation is of particular concern to
businesses. This section stipulates companies must create internal controls on
financial reporting and perform external auditing as a control to determine
whether or not established internal controls are sufficient.
Despite the fact Section 404 of SOX does not specifically
address technology, it is almost a given in today's modern business
environments that technology is used for most business processes.
Kevin Beaver, of TechTarget, states, "Although section 404 is extremely vague in outlining what's needed for internal controls, it is generally accepted that a broad range of information security controls is necessary; the most critical component being assuring the integrity of financial information."
As a result, technology plays a chief role in reporting for
SOX, and it is in this area that companies can be both compliant and
simultaneously attain a competitive advantage. Strategically, the same
technology used for SOX reporting can be utilized to improve business
processes, increase efficiency and even improve on risk management. Businesses
that can preserve a solid level of internal controls and general security of
information technology resources will generally have fewer issues meeting SOX
stipulations.
For instance, a company that sets internal access controls
to regulate individual for access to particulars of financial information
creates audit trails that log all activity; this increases integrity. In
addition, IT can significantly help manage data retention, control, backup, and
the disposal of data no longer needed. Due to privacy and security needs,
protecting data is of importance to businesses and companies can use the same
technology processes to cover both SOX and security concurrently. Basically,
linking these needs together can be likened to the proverbial two birds with
one stone adage.
Implement better control measures
Through maximizing the capabilities of information
technology, a business can implement stronger control measures than with paper
methods of data management. Automation formalizes and wields control over
processes, and provides the ability to create an audit trail; this puts the
company in a better place to illustrate accountability. When IT is put into
practice with strategy and care, the technology can essentially track SOX
compliance and both internal and external auditors can see what they need. This
would be virtually impossible through paper records.
Being SOX has specific needs which must be met to satisfy
auditing requirements, utilizing technology can help better develop the
effectiveness, accuracy and reliability of financial information for required
reporting. Since businesses have to protect their data from a strategic
standpoint, it makes perfect sense to use the same practices and eliminate
redundancy.
At first, the adjustment to SOX was hard for companies, but
over time many businesses have realized there are plenty of opportunities
embedded within having to restructure task processes in order to meet compliance
laws. It appears compliance laws are going to remain a part of the future, and
businesses who fall out of compliance will find themselves faced with
non-compliance penalties. However, those companies that can implement best
practices for SOX and link these to their overall business strategy can find
themselves with a winning investment that not only satisfies all criteria but
is cost feasible.
Additional sources:
http://www.soxlaw.com/index.htm
Additional sources:
http://www.soxlaw.com/index.htm
Comments
Post a Comment