Search      Advanced Search | Browse By Topic
Magazine Content
Home
Features
Columnists
Industry Risk Reports
In-Depth Series
Special Reports
Point/Counterpoint
R&I One® Content
News & Analysis
Editor's Choice Stories
Resources and Tools
Power Broker® Directory
Risk InnovatorTM
Emerging Risks
Top Employee Benefits Consultant
Executives To Watch
Insights
Industry Events
WorkersComp Forum
Award Nominations
Webinars
RSS
R&I Information
Subscription Center
Advertiser Information
About Us
Contact Us
 

Newsletter Sign-up

Click on the name of the free newsletter below to preview:

R&I One®
WORKERSCOMP Forum TM Update
HTML Text
E-Mail Address:


Click here to unsubscribe
Privacy Policy
Preferences
 

Thinking Outside the "SOX" Box

Report outlines ways for risk managers to tackle Sarbanes-Oxley requirements with more efficiency.

Print Email Add to Facebook Add to Twitter Add to LinkedIn Write to the Editor Reprints

By CYRIL TUOHY, managing editor of Risk & Insurance®

Oh, how risk managers would love to the lock SOX in a box, throw away the key and toss it off the dock.

If Dr. Seuss had penned the Sarbanes-Oxley Act, risk managers might have derived some pleasure out of reading the weighty document, passed into law in the wake of the Enron, WorldCom and Tyco International scandals a decade ago.

Instead, many risk managers are slogging through the law's compliance mandates, a job often made more difficult because many companies are not looking at Sarbanes-Oxley as a chance to innovate, automate and gain competitive advantage.

The findings are contained in a new survey titled "Thinking Outside the SOX Box.," by Ernst & Young. The survey, released Aug. 1, queried 225 global executives about their Sarbanes-Oxley compliance functions.

"Sox isn't dead," said Bob Cullen, a partner and global internal control leader with Ernst & Young, in an interview with Risk & Insurance®. "It's not going anywhere, and it's still a concern."

There's hope and help, however, particularly for companies looking to automate their controls, sending many of the functions associated with Sarbanes-Oxley offshore, taking advantage of a gamut of information technology resources, and innovating around Sarbanes-Oxley execution, said Ernst & Young.

"Testing is the most time-consuming process related to SOX controls," said Gerry Dixon, global risk leader for Ernst & Young. "Most respondents agree automation would free up both time and money."

A total of 22 percent of respondents have between 1,000 and 2,499 Sarbanes-Oxley-related controls, and another 13 percent of respondents have 2,500 Sarbanes-Oxley-related controls or more, the survey found.

Sarbanes-Oxley is a "tremendous drain" on resources, particularly those in internal audit, that could be deployed on more value-added tasks, the report found, the report said. Outsourcing or "cosourcing" is one way to help managers "offload" the law's compliance, lower-value functions. "If done properly and done right, you can lower your cost with outsourcing and cosourcing," Cullen said.

Cosourcing is a practice where a service is performed by staff from inside an organization and by an external service provider.

Ernst & Young, to whom many companies have outsourced their functions, has experts globally and offshore resource specialists in its global talent hub in India. Additionally, other companies use offshore resources in Sri Lanka, the Philippines and China, Cullen also said.

If companies redirected some of their information technology power to more deeply scope out their risks, it would turn their technology into a competitive advantage, the survey found.

The survey found that 37 percent of respondents never used data analytics, 39 percent never used automated testing methods, and 88 percent never used predictive modeling as part of their control testing process.

Information technology investment can be "a tremendous asset in gaining a competitive advantage and be beneficial when applied to SOX functions," Dixon said.

"But let's be clear: leveraging your information technology investment goes far beyond turning on various automated controls in the systems and automating testing," Dixon also said. "There is a real opportunity to use technology more strategically."

Passed in 2002, the Sarbanes-Oxley Act set tougher standards for U.S. public company boards, management and public accounting firms in the wake of the collapse of Enron Corp., and the scandal surrounding the company's accounting firm Arthur Andersen.

Proponents hailed the law as a necessary step to hold managers accountable and protect investors in the wake of the Enron collapse. Detractors labeled Sarbanes-Oxley as a compliance headache that was onerous, unnecessary and would end up costing companies millions of dollars.

Sarbanes-Oxley, now more than nine years old, requires annual certification by the C-suite and Cullen called the law "a complex and continual challenge."

As companies push into new, global markets, and acquire new subsidiaries and divest themselves of old ones, Cullen said companies will need to find ways to operate more efficiently under Sarbanes-Oxley.

Despite this, opportunities for applying innovative practices to the Sarbanes-Oxley function were relatively untapped option, the survey found.

August 9, 2011

Copyright 2011© LRP Publications
 
 
 
 
 
 
 
 
 
 
 
RISK logo
 

Back to top

Entire contents copyright © 2013 Risk and Insurance® All rights reserved. May not be reproduced in any form without written permission.