|
|
Roundtable
< Back
What is the single most challenging Sarbanes-Oxley issue today?
|
Tim Welu President & CEO Paisley Consulting
|
The single most challenging Sarbanes-Oxley issue today is identifying an efficient way to sustain compliance over the long run. Many organizations have completed the work of documenting their financial reporting processes and the control structure around them, but it has been a very labor intensive effort to achieve compliance. The next challenge is finding a sustainable solution that distributes responsibility for monitoring of controls to the appropriate managers, and minimizes the time and effort required to maintain it. The solution should also enforce accountability for those managers, requiring systematic review and sign-off through defined workflows. Ideally, the solution would provide support for automation of the monitoring of critical controls. A long term solution will eventually be integrated into many of the organizations enterprise applications, with the ability to extract data and monitor key control activities, delivering the timely reporting that S409 demands.
This is a task that seems simple enough on the surface, but the requirements are extensive. Controls must be monitored and tested on a regular basis to ensure that they are performing adequately. The documentation must be updated and maintained. Management must be able to support their assertions that the financial data in their reports is accurate. Material weaknesses must be identified and reported in a timely manner. Resolution of issues must be tracked and reported. The control environment must be evaluated. A cultural change may be needed to encourage managers to identify problems without the fear of retribution.
Organizations that find a technology solution which allows them to efficiently meet these requirements, with a minimum of manual effort, will reap rewards. That solution will ultimately provide more than just compliance with Sarbanes-Oxley. That same solution can be applied across the enterprise, to document, evaluate and monitor processes and controls in all areas. It does not need to be limited to financial reporting. The methods and procedures that are applied to achieve compliance for Sarbanes-Oxley can also provide the foundation for an enterprise risk management program.
The objective of Sarbanes-Oxley is to provide shareholders with greater transparency into the financial reporting process. The goal of enterprise risk management is to provide executive management with greater understanding and transparency into their enterprise, enabling them to make better management decisions. ERM applies a system of measurement to the organizations internal processes, providing management with an understanding of their organizations strengths and weaknesses. It allows resources to be assigned to the appropriate areas to address weaknesses or to exploit areas with competitive advantages. ERM is a long term goal for many organizations. The first and most pressing need, is to find that technology solution which can efficiently and effectively help them maintain compliance with the many requirements of the Sarbanes-Oxley act.
|
|
|