It is a known fact that with the introduction of Sarbanes-Oxley (SOX) act, instances of corporate fraud and scandals have come down drastically. The law has been successful in creating ethical business practices and good governance through internal controls, reports and disclosures within the U.S. and globally.
Although its benefits are now well known, organizations with feeble compliance culture view SOX compliance a challenge. They argue the costs of implementing SOX far outweigh its benefits.
New regulations in processes, quality control and assurance with frameworks like COSO, COBIT, ISO 9000, Six Sigma, TQM, and changing business landscape have made companies wary of adopting SOX. There are also emerging complexities brought by information technology, globalization of organization and expansion of supply chain, which result in increase in entity and process level controls.
Discounting the challenges posed by SOX, companies can gain immensely by actually having SOX onboard. Organizations complying with SOX operate more effectively and efficiently because of better control over finances, regulations, and risks. This, in turn, helps strengthen their business oversights as well as performance.
To gain maximum advantage from SOX, organizations are moving beyond literal compliance by developing internal reforms and adopting policies and practices to expose weaknesses and deficiencies. Companies are starting to consolidate and standardize financial processes, eliminate redundant information, minimize inconsistencies in the data, broaden responsibility for controls, and eliminate faulty controls.
By being SOX compliant, companies can stave off business risks. Companies would do well by converging compliance and security to improve corporate governance. SOX has been credited with bringing in the shift from an emphasis on internal controls and compliance to focus on risk management and its alignment with business objectives and processes for business value.
Companies prefer to have an integrated and consolidated view of their business risks and objectives. By embedding a unified and comprehensive risk management framework into the organization culture, businesses benefit from corporate-wide visibility and transparency in processes, coordination, and timely mitigation. It also increases anti-fraud activities and performance monitoring.
With standard control frameworks such as COSO and COBIT, organizations are strengthening their control structure and improving the association between control and risk. This also helps streamline the documentation of controls and control processes evaluation. Strengthening internal control leads to business benefits like increasingly effective operations, highly reliable financial reporting, and industry-leading compliance programs.
Enactment of SOX led to the establishment of Public Company Accounting Oversight Board (PCAOB) for the assessment of personal liability to auditors, executives and board members and overseeing the management’s accounting decisions. This enabled the audit to be an independent assurance function and ensure the operating effectiveness of an organization’s risk management, governance and internal control processes. This streamlined and reduced the gap between the purpose of an audit and its fulfillment.
These sections are most crucial and also controversial because of the cost and efforts involved. It requires extensive tests of Internal Controls and certification of accuracy from the management. This encourages companies to make their financial reporting efficient, of better quality, centralized and automated. It also helps bring higher accountability for recording of journal entries and public disclosures.
As businesses thrive by creating value, Sarbanes-Oxley Act is a valuable ally in that effort. An effective SOX compliance process acts as a springboard to a more holistic good governance practice and technology provides the competitive edge to business operations.