While many management teams, board of directors, audit committees see Sarbanes-Oxley Act of 2002 as an administrative and compliance exercise, we encourage companies to think outside-the-box and use the regulation as an excuse to improve business processes.
While many management teams, board of directors, audit committees see Sarbanes-Oxley Act as an administrative and compliance exercise, we encourage companies to think outside-the-box and use the regulation as an excuse to improve business processes.
Forward thinking companies are indeed leveraging the Sarbanes-Oxley 404 compliance requirements to define a higher standard in financial reporting, ensuring that their companies deliver on these 5 key "value drivers":
Let us discuss the key "value drivers" of Sarbanes-Oxley in greater details.
The spirit of SOx 404 is to create a company-wide culture and process to fundamentally enhance the quality of financial reporting. For example, while in the past, companies may have reported based on certifications from regional business heads on the accuracies of their P&L, moving forward, the certifications must cascade through to the entities involve in the entire financial management process. This fundamentally requires more global collaboration and oversight from the Board, Executive committees, auditors, and business unit heads and line organizations through out the global organization.
Internal and external audit are still viewed as once a year or once a quarter events, which is a necessary "evil" to ensure compliance with the SEC. Many companies are now realizing that the audit functions can, if developed properly, result in significant improvements in corporate risks. Early visibility into key financial and corporate risks, most often means lower cost of overall risk management. Practitioners of six-sigma and quality management have always propagated the well studied quality principle that process errors, found earlier in the process lifecycles can be remediated at significantly lower costs than the ones found later in the lifecycle. The same applies to corporate risks, the sooner we identify material deficiencies in the internal controls, the lower the cost of remediation.
Here are some simple best practices to run your internal audit operations.
There is no prescribed methodology in best managing your internal control deficiencies and remediation. However, in a large company, one may aggregate over thousands of internal control deficiencies of varying severity and magnitude. The key question that comes in front of the practitioners of compliance is to best summarize and assess the risks associated with the deficiencies. Strong collaboration is required across different groups to understand patterns of deficiencies and to put proactive remedies in place.
This one is hardest to prove or disprove. Yet, logical arguments suggests that as one lowers the overall risk and variance in key business and financial processes, it creates more predictable process outcomes. Processes with high variabilities are inherently riskier and less repeatable for consistent performance. As a financial manager, chartered to deliver greater return on equity, it is critical to reduce the cost of risk management. As companies create comparative business process advantages, they are inherently better situated to manage risks at lower costs, thereby delivering greater risk-adjusted returns on their equity.