Making It Happen
SOX regulations and their implementation have produced a set of best practices that can help companies improve risk management, control, and governance, even where the company is not legally required to comply.
- Identify and remove conflicts of interest that affect your business. These can involve auditors, management, the board, vendors, outside consultants, and others.
- Ensure that your external and internal auditors are independent by having their continued engagement, performance rating, and compensation determined by the audit committee or the board rather than by management.
- Help ensure that financial disclosures are transparent and fairly describe the organization's performance by using a disclosure committee and management representation letters.
- Insist on a robust top-down risk assessment of financial reporting processes. The extent of testing to perform, which is the primary cost driver, can then be scoped appropriately.
- Capture risk and control information in compliance database software. User-friendly software that can be customized and administered by non-IT personnel is available at very reasonable prices.
- Establish risk committees at the senior management and board levels. These committees can direct risk management efforts and help the audit committee focus on financial reporting matters.
- Develop reporting of operating metrics that are predictive of financial results and share them with the audit committee and board.
- Communicate periodically to the audit committee any significant deficiencies identified (financial or otherwise) and management's progress toward remediating them.
- Use the financial reporting effort and framework to initiate or improve an enterprise risk management (ERM) program.