Enabling Sarbane Oxley Compliance

By Earl Powers
Sarbanes Oxley compliance is not a one-day, a one-month, or even a one-year project.

Instead, Sarbanes Oxley compliance should be built into your corporate infrastructure as early as possible when you begin making changes. The more quickly you transition your business into long-term strategy change, the better you're going to be able to control Sarbanes Oxley compliance issues.

There are a number of issues you can expect to impede this process:

Project mindset - Your managers will probably look at Sarbanes Oxley compliance as a project with a clearly definable endpoint. This is not at all the case. The more quickly you can move to change their attitude, the more likely you'll have a clear and simple transition into the new way of doing business. You can use such items as continual education and newsletter updates as ways to show your managers that you expect Sarbanes Oxley to change the way they do business forever.

Manpower issues - Sarbanes Oxley compliance is not friendly to businesses who are trying to streamline their workforce. Though you may have to increase the size of your employee pool at the beginning of your Sarbanes Oxley compliance process, you can expect this pool to decrease as you gradually fold Sarbanes Oxley compliance methodologies into your normal way of doing business. Sarbanes Oxley Site

Poorly-defined roles in internal control - if you don't clearly lay out responsibilities such as auditing, accountability, and project management, your Sarbanes Oxley compliance tasks are going to be needlessly complicated. You should also make it very clear whose roles it will be to see to the Sarbanes Oxley rollout and to whom these people will be ultimately answerable.

Improvisational approaches - Jumping into Sarbanes Oxley compliance will simply not work. You need to step back and plan how you're going to be incorporating the structures and requirements of Sarbanes Oxley into your daily work routines. And once a plan has been defined, you must follow the plan, and ensure everyone else is also following it.

Underestimating the Impact to Technology - Sarbanes Oxley would simply not have been possible twenty years ago. Technology is critical for your compliance with this act. You can expect to make significant technology investments as you proceed to implement Sarbanes Oxley compliance. Investments will cover such things as sustainable compliance with repository, work flow, and audit trail functionality. In addition, your internal control monitoring and reporting will depend heavily on technology. At some large corporations, it might be worth looking into hiring another full-time IT person who has been specifically trained in implementing and maintaining Sarbanes Oxley technological infrastructure.

Ignored Risks - Risk assessment is vital in Sarbanes Oxley compliance. One of the first meetings you should have as you implement Sarbanes Oxley compliance is one on risk management. Inadequately assessing risk can lead to serious financial reporting errors that can render your investment in training and compliance useless.

Successful Sarbanes Oxley compliance

Your framework for sustained Sarbanes Oxley compliance should include the following:

* Effective, efficient evaluation of testing, remediation, monitoring, and reporting controls
* Integration of financial and internal control processes
* Proper use of technology to comply with Sarbanes Oxley requirements
* Clear roles and responsibilities, a solid chain of command, and assigned accountability
* Continual education and training in Sarbanes Oxley compliance
* Adaptability and flexibility to respond to Sarbanes Oxley compliance-induced changes

About the Author:

Earl Powers, US Lawyer and Segregation Of Duties expert - focusing on Sarbanes Oxley and Sarbanes Oxley Bill