Regulatory interventions like Sarbanes-Oxley (SOX) disruptively elevate the internal control functions of finance and make them visible. The relationship between internal audit and risk management comes under stress, and controls are seen as providing the necessary assurance that management is proactively identifying and mitigating any risks that arise from business operations, internal systems and organizational structures. In fact, SOX forces the industry to pull up its socks and evaluate the controls it has put in place.
Industries complying with SOX work to identify enterprise risks and take a holistic view of the risk involved. They evolve internal controls and processes that are highly automated and require little or no human intervention. The process begins with the evaluation, documentation and standardization of controls across the enterprise for optimization. Automated control measures are established to determine effectiveness and drive continuous improvement.
However, many organizations complain that there is a distinct lack of regulatory guidance under SOX. This has led to limited adoption of purpose-driven applications, and information often remains fragmented, scattered and siloed across the enterprise. The result is control deficiencies and automation of only 20-50% of the controls. The manual controls become a drag on compliance and prove labor-intensive and expensive. Workflows are uncoordinated, and the lack of collaboration tools results in poor coordination between external auditors and internal compliance teams and in high consulting costs.
A content-based approach to automation has been recommended for reliability and enablement. Research indicates that the key to controls optimization lies in the enterprise's ability to document content, standardize controls and manage the compliance process. Collaborative content and document management systems are therefore critical resources for SOX compliance. These systems enable rule-based workflow management and role-based security models through which tasks are assigned, monitored and signed off across the organization. User management systems then enforce proper segregation of duties and enhance preventive controls. They guarantee the integrity, sustainability and persistence of the data that is generated, used and stored by the enterprise for SOX compliance.
Pulling up socks for SOX is complex and can only be achieved by combining technologies that work in unison to manage risk effectively. There are no silver bullets, only hard work.