SOX modernization
Optimizing compliance while extracting value
In the years since the Sarbanes-Oxley Act of 2002 (SOX) was enacted, there have been significant developments in technology, methodology, and business and operating environments; however, the SOX program at many companies may not have evolved at the same pace, or at all. Through modernization, a company can optimize its SOX program, achieve efficiencies, extract value and insights to share with other areas of the organization, and potentially lower the related cost of compliance while still achieving reasonable assurance for regulatory compliance.
It’s time to refresh and rethink SOX
Many programs and processes at companies can succumb to the proverbial saying, “If it ain’t broke, don’t fix it.” This can be exacerbated by competing priorities due to an evolving business environment, new or revised regulatory requirements, changing technology, and so on. For many public companies, the SOX program established to comply with the regulatory requirements of the Sarbanes-Oxley Act of 2002 (SOX) may have also fallen into a “rinse and repeat” pattern.
A SOX program that has not been challenged in years may be stale, which could be a drain on resources and impede performance, particularly if this compliance program is treated more like a “check-the-box” activity.
After having an established SOX program for years, especially one that may not have kept up with the pace of change, it’s time to refresh, rethink, and modernize. Through modernization, a company can optimize its SOX program, achieve efficiencies, extract value and insights to share with other areas of the organization, and potentially lower the related cost of compliance while still achieving reasonable assurance for regulatory compliance.
An established governance structure and clear accountability are fundamental to an effective operating model. Defining the overall governance structure of the SOX compliance program can help to ensure there is oversight by those resources with the appropriate skill set and level of authority to drive the strategic vision of the SOX program, while defining roles and responsibilities can help drive accountability throughout the company.
After years of complying with SOX, some companies may no longer perform a robust risk assessment through a critical lens. Refreshing the risk assessment can help to determine whether the areas the company should focus on have shifted due to new or changed risks. There may also be an opportunity to harmonize risk assessment efforts across other compliance activities throughout the organization.
Identifying opportunities to automate and digitize can support a company’s efforts to modernize its SOX program. Options for automation include automating control testing, automating control operation, automating an entire process, and implementing a governance, risk, and control (GRC) tool.
Where to go from here
By refreshing and modernizing the SOX program, a company can identify opportunities to increase efficiency, shift focus and efforts to areas that matter most, potentially reduce the cost of compliance, and extract value and provide insights.
The services described herein are illustrative in nature and are intended to demonstrate our experience and capabilities in these areas; however, due to independence restrictions that may apply to audit clients (including affiliates) of Deloitte & Touche LLP, we may be unable to provide certain services based on individual facts and circumstances.
Get in touch
To learn more about how SOX modernization can help your organization, contact us.
Lindsay Rosenfeld
Patricia Salkin
Theresa Koursaris
Sandra Teixeira