Reducing the High Cost of Sarbanes-Oxley (SOX)
The Sarbanes-Oxley Act of 2002 was one of the most comprehensive financial regulatory laws in U.S. history, fashioned to protect investors and stop corporate malfeasance by requiring higher standards of corporate transparency and disclosure, with heavy penalties for non-compliance. While there are many components to this Act, two in particular stand out: Sections 404 and 302, related to internal controls.
Section 404 of the Sarbanes-Oxley Act requires companies to present an annual report on the state of internal controls as they relate to financial reporting. Management must assert the adequacy of these controls, and an independent audit must attest to this information, with any material weakness disclosed.
Section 302 demands quarterly compliance and assessment of these internal controls and of the impact of any system and process changes. Without a doubt, adhering to these requirements is an ongoing, iterative process.
Companies have invested heavily in becoming compliant and are now seeking ways to approach compliance more systematically, reduce costs, and reallocate precious resources to more direct revenue generation projects.
The following describes some key considerations when selecting your SOX automation solution and demonstrates how Compliancy Software provides the most cost effective solution for today and in the future:
Requirements to Optimize Your SOX Investment
Building a cost-effective and sustainable approach requires standardization of processes and technology tools that can automate and provide the key elements of continuous monitoring and management of control documentation, document utilization, certifications, changes, tests and audits over time.
In order to optimize your investment, we identify three different levels of an effective program, each building on the other.
Level 1 – Basic Compliance Automation
Ernst & Young identified the following key attributes of an effective controls program:
- Consistent processes
- Highly automated business processes
- Effective IT general controls
- Tightly defined configurable controls for financially significant processes
- Process owner accountability
- Control self-assessment process
- AS5 (Accounting Standard No. 5) templates for easier and lower cost implementation
AS5 was recently approved and is designed to increase the likelihood of finding material weaknesses in internal controls before they result in problems, eliminate procedures that are unnecessary, and focus the auditor on procedures that can be tailored to the company's facts and circumstances. All these are critical to reducing costs while strengthening the financial reporting process, and thus especially important to smaller businesses.
However, considerable cost efficiencies and improved accountability and management can be further gained by automation of the internal control processes. The Compliancy ICM product, along with its AS5 templates, provides a faster, easier and more cost effective solution for taking advantage of compliance automation.
The above list is basic to meeting the fundamental compliance requirements that should be addressable by any good compliance automation solution. However, while many alternative solutions may provide automation of workflows, they are not able to automate business processes in general and can only work within their confined areas.
Level 2 – Optimized Compliance
To maximize the opportunity to reduce costs, there are several other key requirements that need to be considered. This is where most other solutions start to fail to deliver because they are not business process based.
The following requires a business process based solution with advanced workflow management, which reduces costs even further through more effective real-time management, prevention and early detection:
- Continuous control monitoring
- Issues prevention and early identification through business rules monitoring
- Transaction level monitoring for related applications
- Real-time dashboard monitoring and reporting including alerts
- Automated issues management and remediation
- Roles based interfaces and granular security access
Level 3 – Business Transformation
A Business Process Management (BPM) based solution with generalizable application interfaces and tools is needed to transform any risk management and compliance requirements to real business value. With a BPM based system you can accomplish the following:
- Distribute tasks directly to the responsible individuals to eliminate complex system access, reduce training and support, and accelerate task completion.
- Integrate risk and compliance directly into business processes to eliminate redundancy for more cost effective streamlining and better decision making.
- Automate and manage any risk and compliance process requirement for a future proof investment.
A Next Generation SOX Solution
Compliancy Software's Internal Control Management (ICM) is a next generation solution for automating and managing business processes for any GRC (Governance, Risk, Compliance) requirements PLUS any general business operation, with built-in controls to ensure adherence for both regulatory and non-regulatory processes - a unique GRC Plus™ solution!
ICM provides complete SOX internal control management capabilities including the documentation, automation and management of all compliance processes, rules based routing, segregation of duties, security authorization, automated testing/auditing, certifications, evidence tracking, issues management and reporting.
The Compliancy ICM solution is a single integrated platform that is Business Process Management (BPM) based and forms and template driven, making it easier to implement and use. For example, templates are provided for requirements such as AS5 (Accounting Standard No. 5) to make implementation and management significantly easier with a lower cost.
It enables a new level of ease of use for any level of user, with no programming required and a future proof solution for automation of any business process with ensured results.
ICM Coverage Mapping of SOX Requirements
The following illustrates how the Compliancy ICM solution maps to the SOX requirements:
| ICM | SOX Sections | Users |
|---|---|---|
| Dashboard/Continuous Monitor | 302, 404 & 409 | Execs, Mgt, Audit |
| Control Automated Procedures | 404 | Audit (financial & IT) |
| Control Processes | 404 | Business Unit Users |
| Documentation | 404 | Audit (financial & IT) |
| Certification | 302, 404 & 409 | Audit & Mgt |
| Issues Mgt | 404 | Audit & Mgt |
| Reports | 302 & 409 | Execs, Mgt, Audit |
| Control Automation Management | 404 | Audit Administration |
| System Admin | N/A | IT Administration |
Easier, Faster Business Value That Is Future Proof and More At NO Additional Cost
Compliancy makes it easier to quickly get started and then evolve as needed with roles based interfaces, SOX specific templates, and no programming required. Compliancy customers have been up and running in as little as a week's time. Our research has clearly shown a 20-50% increase in savings versus more traditional methodologies and 20-30% faster response to issues.
More cost effective sustained compliance
- Reduces the cost, time and stress of maintaining SOX compliance.
- Ensures sustained, operationally efficient compliance.
- Greater overall cost reduction and more efficient use of resources for a better ROI.
- Reduces cost of testing and issue management by preventative issue identification.
- Allows companies to return their focus to their core business.
More effective compliance management
- Ensures controls are being properly performed using prescribed methodology
- Maintains SOX/audit readiness for fast and easier turn around
- Provides visibility and confidence in control and SOX compliance for all stake holders through an impartial system of accountability
- Reduces the corporate and personal risks associated with SOX compliance