Making Compliance Sustainable

A few weeks ago Deloitte published a really useful, short whitepaper titled
Control: Sustaining Compliance with Sarbanes-Oxley in Year Two and Beyond.
(You can download the paper for free, but access requires registration.)

Recognizing that meeting first year SOX 404 compliance requirements was a
real fire drill for many companies, the paper asks the important question of how
to turn this into something that is sustainable.  You should download and
read the full paper, but I will pull out a couple of observations that seemed
particularly important:

  • Many companies approached their initial SOX compliance efforts as a
      To the extent that the project focus helped
    meet the deadlines, it was a good thing.  But it is also a potentially
    attitude that companies must consciously undo over the coming
    year.  Internal control and SOX compliance requirements never
    end.  They need to become part of daily operations, not a special
    project.  Facing the need to "change gears" squarely
    will be important.
  • The internal audit team often emerged as a central part of the
    compliance "project" in year one.  That made sense for the
    first year, but may not be the right approach over the long
    run.  Without more staff and resources, continued work on SOX would
    displace important internal audit work.  Perhaps even more critically,
    if internal audit becomes responsible for implementing and managing
    controls, they will not be in a position to provide an objective
    evaluation of those same controls.
  • Information technology was often not well integrated into first year
    efforts — the focus was on meeting the deadline, not on
    building a workable, sustainable system.  Many companies will find that
    it is possible to make the process more efficient and sustainable by
    making strategic technology investments.

The paper is a nice overview of the problems faced by companies now that
initial deadlines have been met.  It is the kind of paper that I put in my
files for future reference.

1 Comment

  1. Thinking Out Loud: Thought Leadership from an Enterprise Architect

    Thoughts on Industry Analysts and Open Source (Part Nine)

    Was thinking about if I ever became an industry analyst and could throw my integrity out the window, I could give the typical defense which would go something like “our enterprise clients are reluctant to commit mission-critical applications to untried…
