As Sarbanes Oxley (SOX) legislation moves beyond its 20th anniversary, it’s time to stop thinking of SOX compliance as merely a box to check and start exploring all of the ways that it can go beyond simply meeting compliance requirements and add additional value to one’s organization. While it is certainly still true that the nature and intent of SOX is still compliance-related at its core, there is much additional value companies can achieve by having a robust structure of internal control that goes beyond compliance. As financial pressures increase for businesses, management should consider these potential benefits of going beyond the compliance imperative and extracting all that they can from their SOX initiatives.
An increasing number of companies are looking beyond the traditional view of SOX as strictly a compliance-related exercise and realizing organizational value through the achievement of the additive benefits of program compliance. With this enhanced perspective, some are realizing that efforts to meet SOX compliance requirements can be adapted throughout their organization to achieve enterprise-wide risk initiatives, while raising the awareness of risk for all internal stakeholders. Some of these benefits include gaining an improved environment of internal controls, enhancing risk control, and increasing efficiencies gained through the simplification of control activities. In centralizing internal control activities to the greatest extent possible, other risk management activities, such as governance, risk, and compliance (GRC) can be integrated with SOX compliance to eliminate control redundancies and streamline the overall control environment.
Increased External Audit Reliance
Internal audit departments are finding that the audit fees charged by external auditors can be greatly reduced through proper scoping and planning, whereby the external auditors agree to rely on testing performed by the company’s internal compliance function. By aligning with the expectations of the external auditors, increasing coordination through meetings, and sharing testing templates, greater reliance is placed on the work done by the internal auditors. This can result in a reduction of external audit fees. This reliance can be enhanced by agreeing in advance with the independent external auditors on the methodology and standards used, as well as the implementation of a formal risk assessment and scoping approach. By providing evidence of competence and objectivity in their internal audit SOX activities, a company can further increase the chance of SOX testing reliance by external auditors.
Technology enhancements can also drive efficiencies in SOX processes. In today’s environment, businesses have many tools at their disposal that could save time through the implementation of automation to perform scoping, risk assessments, and analytic testing procedures. The added benefits of continuous auditing and continuous monitoring provide much greater assurance of control reliability and performance in their environment. SOX programs that fail to keep pace with technological improvements in other parts of the business will increasingly provide a diminished level of value within their respective organizations.
McKonly & Asbury has the experience and resources to assist any company in their SOX compliance efforts, no matter the level of program maturity. For further information regarding our internal audit experience, be sure to visit our Internal Audit Services page and don’t hesitate to reach out to a member of our internal audit team, such as Elaine Nissley.