History repeats itself. CFOs looking to reduce the cost of sustaining SOx compliance need look no further than their Quality Management organization. The techniques that helped a manufacturer reduce the cost of staying compliant with ISO 9000 will also enable a CFO to sustain SOx 404 compliance at significantly lower costs.
When US manufacturers started implementing the quality management standard ISO 9000, the initial cost of compliance was very high. Every process had to be documented, almost every employee had to be trained, and change control procedures for process and documentation had to be put in place. As a result, ISO 9000 certification and its ongoing compliance were widely assumed to be fit only for companies with lots of resources. However, as time went by, a process-based approach to the job became part of the company's DNA. Overlay resources (external consultants) were no longer needed to perform documentation and change control activities. By making these activities a part of the day-to-day job of every employee, the overhead associated with these activities dropped significantly. Today, it is hard to find a 'preferred supplier' in America who is not compliant with ISO 9000. These companies have sustained compliance at significantly lower costs than estimated earlier. A study co-produced by McGraw-Hill and Dun & Bradstreet shows that about 25 percent of all ISO 9000-registered companies have fewer than 150 employees, and 29 percent of registered companies have between 150 and 500 employees. In other words, more than half of ISO 9000-registered companies in the United States are considered small and medium-sized businesses.
In order to sustain ISO 9000 compliance, these companies have successfully implemented the following practices within their environment:
Such practices have become completely embedded in the daily work activities of employees at these companies. In addition, most companies have implemented compliance software to ensure document management/change control and to streamline the audit management, issue tracking, closed-loop corrective action deployment and management reporting processes. As a result, the cost of sustaining ISO 9000 compliance has been reduced further.
Drawing upon the experiences gained from reducing the cost of ISO 9000 compliance, CFOs/SOx program managers must ensure the following:
While the above steps can be implemented using a spreadsheet-based manual process, it is highly recommended that the organization invest in a software system that addresses the above-mentioned requirements.
By learning from the experience of an ISO 9000 implementation and embedding the steps listed above in employees' daily work, SOx program managers can deliver SOx compliance at significantly lower costs.