Understanding, experience and technology for success
SOx Compliance Environment
Over the last 12 months, we at MetricStream have informally and formally talked to a number of professionals in quality, compliance, internal audit, SOx program office, finance and external audit. Three major themes have emerged during our interactions with customers, prospects, and analysts.
First, there are significant benefits associated with the automation of control management, documentation, and testing process. Companies have seen improvements in internal controls, reconciliations and segregation of duties. While horror stories abound on failed SOx projects and systems, when done right, with the right tools, companies have been able to achieve greater SOx compliance at significantly lower costs while delivering operational benefits to the businesses.
Second, in almost all situations we have seen that regulatory compliance costs will continue to be unmanageable, or in many cases rise, if proper initiatives are not undertaken now. This becomes more critical as we start to look at the subsequent years of SOx compliance, when most CFOs are moving from "compliance at all costs" to "compliance at reduced costs". Best-in-class companies are proactively adopting cost-efficient strategies such as control rationalization, sharing SOx costs across divisions and business units, leveraging automation tools, and using cost-effective document management and creation processes to lay the foundation of sound SOx practices.
Third, control improvements have to become a continuous process rather than a one-time "project approach". Companies are paying particular attention to a well-thought-out control environment, one that makes sense to their business and that can be managed within your SOx compliance budget. Last year, companies overextended their internal audit departments and used an improvisational approach to get things done. Moving forward, a well-planned approach must be taken to create greater efficiencies and enjoy greater control and benefits. Furthermore, management has to embed SOx control, effectiveness, and testing operations into the DNA of the company, so that internal audit can focus on its core mission - to provide "objective" assessment of management controls.
Fourth, changes in business are a given fact. Increased M&A and divestitures, new lines of business, new accounting laws, and increased focus on international markets are all realities that are here to stay. Good internal control programs enable companies to change with the times while still ensuring the critical SOx compliance along the way.
10 Step Guide: Sustained Compliance
A well-designed SOx compliance program almost always follows the 10 step guide:
To further validate the significance of quality improvements: many MetricStream customers are keen to attain SOx 404 compliance while delivering greater quality improvement for the business. Our customers are linking their operational quality initiatives (FDA compliance, ISO, Six Sigma, OSHA, EPA, Regulatory affairs) with SOx 404 compliance so that operational business benefits can flow across all compliance and quality initiatives across the company.
As we look at year 2 of SOx compliance, businesses that follow the 10 Step guide, outlined above, will see significant improvement in their SOx compliance program. Embracing this 10 Step process will ensure higher SOx compliance and greater quality and operational benefits at a significantly lower compliance cost.
As always, I would appreciate any feedback on the methodology and the guide. Hope this makes our year 2 of compliance a bit less cumbersome!