July 24, 2012 | Palo Alto, California: On the tenth anniversary of the Sarbanes-Oxley (SOX) Act, the world is taking stock. What is evident, especially among leading organizations, is that SOX compliance has moved beyond being just a regulatory obligation. Today it is viewed in the context of a larger Governance, Risk, and Compliance (GRC) program that is closely integrated with strategic decision-making, aligned with business goals, and enabled by technology.
Ever since SOX was passed in 2002 with an overwhelming majority in both houses of Congress, reactions to it have been varied. Critics are quick to point out that the Act has imposed a huge and unnecessary cost burden on companies regulated by the Securities and Exchange Commission (SEC). On the other hand, ever since the Act was introduced, investors have demonstrated greater confidence in how companies are managed. Business accountability and transparency have increased while internal controls have become stronger - especially with CEOs and CFOs taking individual responsibility to certify and approve their regulatory filings.
“The SOX Act set in motion a flurry of regulatory activity geared towards building more responsible businesses, and protecting stakeholders. Since then, several major regulations have been introduced in the U.S.,” observes Michael Rasmussen, renowned GRC analyst and President of Corporate Integrity, who over the last 18 years has helped numerous organizations across various industries build stronger GRC programs. “SOX compliance initiatives are now being seamlessly integrated with other crucial GRC processes such as policy management, Enterprise Risk Management (ERM), and internal audits.”
Since SOX was introduced in the US, a number of regulations modeled on it have been passed in other parts of the globe - including Euro-SOX in the European Union, Law 262/2005 in Italy, the Corporate Law Economic Reform Program (CLERP 9) in Australia, C-SOX in Canada, and J-SOX in Japan.
The tenth year of SOX happens to coincide with the passing of the Jumpstart Our Business Startups (JOBS) Act. Designed to give emerging companies an economic boost, JOBS cuts back on a number of tough regulatory requirements.
Says Shellye Archambeau, CEO of MetricStream, “JOBS will give growing companies the chance to establish a strong foothold in the market without being overwhelmed by regulatory pressures. But at the end of the day, the people who matter - your stakeholders - will still want to see evidence of strong internal, financial, and IT controls to manage risk. In that sense, SOX is as important as ever. Yet it is no longer the sole reason for establishing stronger controls.”
Leading organizations view SOX as merely one part of an overall governance framework. Their intention in implementing robust policies and controls is not just to pass regulatory compliance exams or audits, but to establish an enterprise-wide culture of accountability, transparency, and risk-resilience.
Another trend in the market is towards automating SOX compliance processes. Organizations are fast replacing spreadsheets and other cumbersome manual tools with innovative technology for automating controls and continuous control monitoring. Better management of risk intelligence and Big Data is being enabled through integration with business applications, security systems, and IT infrastructure. Organizations must also integrate data from mobile devices, cloud applications, and the ubiquitous social media, and map it to enterprise risks and compliance requirements.
Says Keri Dawson, Vice President at MetricStream, “In the initial years of SOX, it was challenging for companies to comply with the stringent requirements for controls, audits, and monitoring. But over the years, they have learned how to not only optimize SOX compliance but also harmonize controls across regulations, integrate SOX with their extended GRC programs, and improve reporting and visibility into compliance for senior management. More importantly, they have started embedding SOX controls into business processes so that compliance is made more efficient, while the business grows stronger and more risk-resilient.”
Since the SOX Act was passed, MetricStream has provided an innovative and advanced SOX compliance application. Aligned with standard industry frameworks such as COSO, the application helps automate, streamline, and strengthen end-to-end processes for compliance with SOX sections 302-304 and 404, financial reporting, internal control assessments and monitoring, financial close, and other important SOX requirements.
The application offers the flexibility to be implemented either on-premises or in the Cloud. In addition, it ships with comprehensive risk and compliance content libraries based on various industry standards and best practices that enable organizations to establish a truly world-class compliance program. The application also provides regulatory feeds from authoritative external sources to help organizations stay up to date on regulatory changes.
MetricStream SOX Compliance Application is part of a comprehensive suite of GRC solutions, built on a centralized GRC platform that scales across the enterprise, integrating and harmonizing the complete spectrum of GRC processes - including policy and compliance management, risk management, internal audit management, IT-GRC, supplier governance, EH&S compliance, quality management, and legal GRC. Powerful dashboards and analytics provide real-time visibility into the complete GRC program, empowering stakeholders to successfully integrate their internal audit and risk assurance processes with SOX, and efficiently identify process improvements.