Controlled Compliance: Cutting the Cost of Sarbanes-Oxley
Harrogate, United Kingdom, December 06, 2006 --(PR.com)-- Accelerated filers are now in the midst of Year Three of their Sarbanes-Oxley compliance efforts, and are beginning to get their arms around how to manage these efforts on an ongoing basis. However, a number of challenges have been identified that inhibit to some degree their ability to manage these compliance efforts in an efficient manner, and allow resources to begin refocusing on other initiatives within their organizations.
These same challenges are beginning to be identified by Non-Accelerated filers and others, as they assess their compliance readiness.
These challenges include:
· Effective Design: The ability to review the design of controls effectively and efficiently against the COSO framework, in order to ensure controls identified as critical offer the required coverage of risks and assertions. Since this process must be conducted annually, organizations are seeking a consistent, repeatable, verifiable method to accomplish this;
· Effective Control Coverage: The ability to select the minimum number of controls (called critical or key controls) that provide the maximum coverage of both risks, as defined by COSO or a similar framework, and financial assertions, as defined by the Public Company Accounting Oversight Board (PCAOB). Management needs to support its assertions as to the control structure in a way that meets the expectations of the Audit Committee, Board and external oversight groups, including external auditors.
· Minimizing Internal and External Costs: While companies take their responsibilities related to Sarbanes very seriously, there are also a number of other regulatory requirements and management initiatives that compete for scarce resources. Companies are searching for ways to ensure management assertions are effectively supported, and external audit requirements are met, while evaluating and testing the minimum number of critical controls within their organizations. In addition, reducing the number of controls tested by an organization will impact the scope of review conducted by external auditors, impacting ongoing costs further. Gaining buy-off by the externals as to a reduced test scope will require clear, consistent and persuasive evidence of the coverage of risks and assertions.
· Managing Internal Resources: One of the main challenges companies face is how to reduce the level of resources required to execute design reviews and control testing each year. Now, companies are communicating (some might even say negotiating) with their external auditors to determine both the level of effort required internally - which is a direct outcome of the number of controls to be tested - and the level of effort external auditors feel they need to bring to the compliance review in order to obtain a basis for their assessments.
Many companies are looking to some type of risk and compliance tool to help address these challenges moving forward. Other companies feel a bit shy to revisit utilizing a software tool because they feel burned by many of the early entry products that became available during Years One and Two. Most companies agree, however, that some type of automated solution will be necessary as compliance efforts mature within their organizations and the need to move away from these manual assessment process increases.
A solution such as CODA-Control Architect, for example, will quickly and effectively evaluate the design of controls and target cost-effective and efficient testing programs to support an organization's compliance efforts. Companies utilizing this solution should expect a mixed response from their external auditors, though. The increased structure to design and testing efforts should provide increased comfort by externals for the coverage provided, however they may not happily welcome the reduction in billable hours for the engagement!
Cintra Olson has worked in the Internal Audit field for over 16 years, and has managed or contributed to over 30 Sarbanes-Oxley projects. She brings this background to her role as CODA's Business Development Manager with a focus on compliance solutions, and has spoken on the subject of internal audit and Sarbanes-Oxley implementation at institutional events and seminars.
###
These same challenges are beginning to be identified by Non-Accelerated filers and others, as they assess their compliance readiness.
These challenges include:
· Effective Design: The ability to review the design of controls effectively and efficiently against the COSO framework, in order to ensure controls identified as critical offer the required coverage of risks and assertions. Since this process must be conducted annually, organizations are seeking a consistent, repeatable, verifiable method to accomplish this;
· Effective Control Coverage: The ability to select the minimum number of controls (called critical or key controls) that provide the maximum coverage of both risks, as defined by COSO or a similar framework, and financial assertions, as defined by the Public Company Accounting Oversight Board (PCAOB). Management needs to support its assertions as to the control structure in a way that meets the expectations of the Audit Committee, Board and external oversight groups, including external auditors.
· Minimizing Internal and External Costs: While companies take their responsibilities related to Sarbanes very seriously, there are also a number of other regulatory requirements and management initiatives that compete for scarce resources. Companies are searching for ways to ensure management assertions are effectively supported, and external audit requirements are met, while evaluating and testing the minimum number of critical controls within their organizations. In addition, reducing the number of controls tested by an organization will impact the scope of review conducted by external auditors, impacting ongoing costs further. Gaining buy-off by the externals as to a reduced test scope will require clear, consistent and persuasive evidence of the coverage of risks and assertions.
· Managing Internal Resources: One of the main challenges companies face is how to reduce the level of resources required to execute design reviews and control testing each year. Now, companies are communicating (some might even say negotiating) with their external auditors to determine both the level of effort required internally - which is a direct outcome of the number of controls to be tested - and the level of effort external auditors feel they need to bring to the compliance review in order to obtain a basis for their assessments.
Many companies are looking to some type of risk and compliance tool to help address these challenges moving forward. Other companies feel a bit shy to revisit utilizing a software tool because they feel burned by many of the early entry products that became available during Years One and Two. Most companies agree, however, that some type of automated solution will be necessary as compliance efforts mature within their organizations and the need to move away from these manual assessment process increases.
A solution such as CODA-Control Architect, for example, will quickly and effectively evaluate the design of controls and target cost-effective and efficient testing programs to support an organization's compliance efforts. Companies utilizing this solution should expect a mixed response from their external auditors, though. The increased structure to design and testing efforts should provide increased comfort by externals for the coverage provided, however they may not happily welcome the reduction in billable hours for the engagement!
Cintra Olson has worked in the Internal Audit field for over 16 years, and has managed or contributed to over 30 Sarbanes-Oxley projects. She brings this background to her role as CODA's Business Development Manager with a focus on compliance solutions, and has spoken on the subject of internal audit and Sarbanes-Oxley implementation at institutional events and seminars.
###
Contact
CODA
Emma Hoyle
44-01-423-537-977
www.coda.com
Emma Hoyle
44-01-423-537-977
www.coda.com
Contact
Categories