Benefits of linking SOX requirements to business strategy
The Sarbanes-Oxley Act was a motion made by U.S. Congress in 2002. The proposal was passed into law as a preventative means to increase financial transparency and mitigate fraud in corporate business. This law was a reaction to corporate scandals such as Enron, Tyco and WorldCom. While this law created a huge burden on organizations, many found ways to use SOX and apply it to their business strategies.
Criteria for SOX
Sarbanes-Oxley, often referred to as "SOX", is a corporate governance edict that has specific criteria companies must adhere to, or face a stiff penalty. The law affects all publicly traded companies that fall under the jurisdiction of the U.S. Securities and Exchange commission; any company that is traded on any U.S. stock exchange must follow SOX requirements.
Additionally, companies that generate $75 million or more in market capital must also comply with SOX. Foreign companies are not exempt, any business that operates or resides out of U.S. territory, but is listed for trade on American stock exchanges must also observe SOX regulations.
Businesses thrown a curve
This law, and the requirements that came with it threw a huge curve to many businesses because of the high costs and procedural changes associated with bringing up business processes to reflect compliance. The high initial expenses involved with implementing new accounting procedures and documenting transactions was a burden for many companies, but one that had to be done in order to be compliant with SOX. This meant businesses needed to create the best practices for compliance with SOX and find ways for these processes to be cost-effective at the same time. Linking compliance with business strategy is one way to do this.
Linking SOX to business strategy
Section 404 of the legislation is of particular concern to businesses. This section stipulates companies must create internal controls on financial reporting and perform external auditing as a control to determine whether or not established internal controls are sufficient.
Despite the fact Section 404 of SOX does not specifically address technology, it is almost a given in today's modern business environments that technology is used for most business processes.
Kevin Beaver, of TechTarget, states, "Although section 404 is extremely vague in outlining what's needed for internal controls, it is generally accepted that a broad range of information security controls is necessary; the most critical component being assuring the integrity of financial information."
As a result, technology plays a chief role in reporting for SOX, and it is in this area that companies can be both compliant and simultaneously attain a competitive advantage. Strategically, the same technology used for SOX reporting can be utilized to improve business processes, increase efficiency and even improve on risk management. Businesses that can preserve a solid level of internal controls and general security of information technology resources will generally have fewer issues meeting SOX stipulations.
For instance, a company that sets internal access controls to regulate individual for access to particulars of financial information creates audit trails that log all activity; this increases integrity. In addition, IT can significantly help manage data retention, control, backup, and the disposal of data no longer needed. Due to privacy and security needs, protecting data is of importance to businesses and companies can use the same technology processes to cover both SOX and security concurrently. Basically, linking these needs together can be likened to the proverbial two birds with one stone adage.
Implement better control measures
Through maximizing the capabilities of information technology, a business can implement stronger control measures than with paper methods of data management. Automation formalizes and wields control over processes, and provides the ability to create an audit trail; this puts the company in a better place to illustrate accountability. When IT is put into practice with strategy and care, the technology can essentially track SOX compliance and both internal and external auditors can see what they need. This would be virtually impossible through paper records.
Being SOX has specific needs which must be met to satisfy auditing requirements, utilizing technology can help better develop the effectiveness, accuracy and reliability of financial information for required reporting. Since businesses have to protect their data from a strategic standpoint, it makes perfect sense to use the same practices and eliminate redundancy.
At first, the adjustment to SOX was hard for companies, but over time many businesses have realized there are plenty of opportunities embedded within having to restructure task processes in order to meet compliance laws. It appears compliance laws are going to remain a part of the future, and businesses who fall out of compliance will find themselves faced with non-compliance penalties. However, those companies that can implement best practices for SOX and link these to their overall business strategy can find themselves with a winning investment that not only satisfies all criteria but is cost feasible.