Sarbanes-Oxley (SOX) Act Compliance
Sustain compliance with systematic and repeatable processes
The Sarbanes-Oxley Act (SOX) mandates a stricter governance model and tighter internal controls. It also raises a number of daunting challenges in documenting all critical operational controls, assessing the effectiveness of these controls, and subjecting the assessment report to the scrutiny of independent auditors. In managing these challenges, corporations spent considerably more than what their budget allowed in the initial years. Going forward, the focus for most CFOs is on sustaining SOX compliance at significantly reduced costs.
Companies are now beginning to shift responsibilities for documentation and testing to process owners, while keeping the overall ownership of SOX compliance with the internal audit group. As a result, SOX compliance is becoming a part of the process owner's daily job, and not a separate project with its own team of internal employees and external consultants.
However, it is difficult for internal audit managers to transfer responsibility to process owners without having clear visibility into the project status, issues, and activities. Before the transfer of responsibility, the entire process of scheduling tests, conducting them, and remedying issues needs to be automated. This will enable the internal audit manager to ensure repeatability over time and across business units. Strict change controls also need to be implemented for processes, controls, and the associated documentation to stay in sync, so that the investments in documentation right from year one of SOX compliance can continue to be leveraged.
MetricStream enables companies to address SOX compliance challenges and significantly reduce the costs of compliance. Using the MetricStream SOX Compliance Management Solution, companies can design, assess, and improve internal controls under the COSO framework, monitor their compliance processes at any level of detail, and easily provide evidence to external auditors that an internal control was tested to the satisfaction of the internal audit group. The solution's document control capabilities provide a central repository with comprehensive change control capabilities. The solution also provides greater control over and clear visibility into compliance issues, statuses, and plans.
Using the solution, organizations can streamline procedures for surveys and certifications that affirm the strength of internal controls and adherence to policies. This information rolls up to executive management, who can review and certify the enterprise risk and control assessments as per SOX 302 requirements.
MetricStream uniquely combines automation and content to deliver this solution to customers. The system supports automated testing with its built-in library of over 1,500 tests, provides embedded best practices that help define control hierarchies, and allows integration of business processes with regulatory notifications and industry alerts.
Improves Process Control: The solution enables consistent financial control processes across the enterprise, eliminating deviations, errors, and redundant activities.
Reduces Compliance Costs: The solution automates information flows, control assessments and testing, and remediation assignments. Compliance costs are thus dramatically reduced.
Enables Better Resource Utilization: Streamlined and automated control management allows many tasks to be moved down the responsibility chain for process owners to take direct responsibility. This gives auditors the opportunity to focus on key control testing and project oversight.
Lowers Risk Exposure: Compliance dashboards and risk heat maps provide complete visibility into the financial control management and compliance process, and highlight important issues that need to be addressed.
Streamlines Change Control: The solution provides integrated document management and change control capabilities which keep documentation and processes in sync. They also significantly reduce documentation changes for ongoing compliance.