Sarbanes-Oxley regulations are now 15 years old. While put in place to improve the accuracy and reliability of corporate disclosures and protect investors, regulations have required public companies to institute numerous new processes and internal controls. The regulations put in place control hurdles that need to be cleared before a company can go public. Some now argue that SOX regulations have made it too difficult for businesses to go public and remain public. In fact, recently there have been calls to repeal one of the most onerous requirements–section 404 which requires attestation by auditors.
SOX compliance is not easy for any company and there is no “magic wand” that will make an organization compliant. Instead it is a matter of putting in place processes, training your team on new procedures and then leveraging solutions that help enforce them. These efforts combined help a company meet the requirements..
There is a “compliance trifecta” that when realized, ensures an organization is well on its way to compliance. The trifecta comprises of:
- Establishing repeatable workflow processes that add structure, accountability and control to all your financial activities
- Assignment of individual team members’ duties and responsibilities where you can enforce segregation of these duties and then have the ability to audit these
- Satisfy demands of auditors and IT for the documentation of information access, change authority and the accuracy and archival of electronic records
Make these three areas work in your organization and you’re well on your way to SOX compliance.
There’s plenty that can go wrong along the way and especially with reconciliation reviews.
Want to better understand the top 6 things that can go wrong with these reviews? Check out last month’s webinar, SOX Compliance for Reconciliation Reviews and learn what can go wrong and how to put preventative measures in place.