Sarbanes-Oxley (SOx) Act Compliance
Sarbanes-Oxley Act (SOx) mandates a stricter governance model and tighter internal controls. Facing a daunting challenge in documenting all critical operational controls, assessing the effectiveness of these controls, and subjecting the assessment report to the scrutiny of independent auditors, corporations spent considerably more than their budget in year 1. For year 2, the focus for most CFOs is on sustaining SOx compliance at significantly reduced costs.
To reduce costs, companies are beginning to shift responsibilities for documentation and testing to the process owners, while keeping the overall ownership of Sarbanes-Oxley compliance still with the internal audit group. As a result, SOx compliance will become a part of the process owner's daily job and not a separate project with its own team of internal employees and external consultants. However, it is difficult for internal audit manager to transfer responsibility to process owners without having clear visibility into the project status, issues and activities at all times. In addition, before this transfer of responsibility, the entire process of scheduling, testing and remediation needs to be automated, so the internal audit manager can ensure repeatability over time and across business units. In addition, strict change control needs to be implemented for processes and controls and associated documentation to stay in sync (once it becomes integrated with daily operational processes), so that the investments in year 1 in documentation can continue to be leveraged.
MetricStream enables companies to address the above issues and enable companies to significantly reduce their cost of Sarbanes-Oxley Section 404 (SOx 404) compliance. Using MetricStream SOx solution, companies can design, assess and improve internal controls under the COSO framework, monitor their compliance processes at any level of detail and easily provide evidence to the external auditors that an internal control was tested to the satisfaction of the internal audit group. Its document control capabilities provide a central repository with comprehensive change control capabilities. The Sarbanes-Oxley Act compliance solution also provides greater control and clear visibility into issues, status and plans to all stakeholders.
The solution supports procedures for surveys and certifications for affirming the strength of the internal controls and adherence to policies. This information rolls up to executive management who can review and certify overall risk and control assessment for the
enterprise as per Sarbanes-Oxley Section 302 (SOx 302) requirements
.
MetricStream uniquely combines automation and content to deliver this solution to customers. The system supports automated testing with its built-in library of over 1,500 tests, provides embedded best practices content that helps define control hierarchy, allows integration of business processes with regulatory notifications and industry alerts.
Improved Control on the Process: Consistent financial controls process across the enterprise eliminating any deviations and errors as well as redundant activities.
Reduced Compliance Costs: Automated information flows, assessments and testing, and remediation assignments dramatically reduce over all compliance costs.
Better Resource Utilization: Streamlined and automated controls management allows moving many tasks down the responsibility chain enabling process owners to take direct responsibility for managing internal controls while auditors can focus on testing key controls and project oversight.
Lower Exposure: Compliance dashboards and risk heat maps provide enterprise-wide visibility into the financial controls management and compliance process and highlight issues that need to be addressed.
Streamlined Change Control: Integrated document management with change control capabilities keeps documentation and processes in sync and significantly reducing the amount of redo of documentation for ongoing compliance.
