February 4, 2005
Making Compliance Sustainable
A few weeks ago Deloitte published a really useful, short whitepaper titled "Under Control: Sustaining Compliance with Sarbanes-Oxley in Year Two and Beyond." (You can download the paper for free, but access requires registration.)
Recognizing that meeting first year SOX 404 compliance requirements was a real fire drill for many companies, the paper asks the important question of how to turn this into something that is sustainable. You should download and read the full paper, but I will pull out a couple of observations that seemed particularly important:
- Many companies approached their initial SOX compliance efforts as a
"project." To the extent that the project focus helped
meet the deadlines, it was a good thing. But it is also a potentially
crippling attitude that companies must consciously undo over the coming
year. Internal control and SOX compliance requirements never
end. They need to become part of daily operations, not a special
project. Facing the need to "change gears" squarely
will be important.
- The internal audit team often emerged as a central part of the
compliance "project" in year one. That made sense for the
first year, but may not be the right approach over the long
run. Without more staff and resources, continued work on SOX would
displace important internal audit work. Perhaps even more critically,
if internal audit becomes responsible for implementing and managing
controls, they will not be in a position to provide an objective
evaluation of those same controls.
- Information technology was often not well integrated into first year compliance efforts -- the focus was on meeting the deadline, not on building a workable, sustainable system. Many companies will find that it is possible to make the process more efficient and sustainable by making strategic technology investments.
The paper is a nice overview of the problems faced by companies now that initial deadlines have been met. It is the kind of paper that I put in my files for future reference.
Posted by Bill Zoellick at February 4, 2005 9:23 PM