The Perfect Pair: Sarbanes-Oxley and COSO Framework
The Sarbanes-Oxley Act (SOX) was passed by Congress to help protect investors from corporations engaging in fraudulent accounting. SOX was a direct response to scandals that rocked investor confidence, including those at Enron, Tyco, and more. Today, SOX continues to hold corporations accountable, but it doesn’t end with financial departments.
SOX is also being used to help determine the outcomes of critical issues that employees face in the workplace—and that’s a good thing. As Gerald Golden says in his recent article for Inside Counsel, "now is a critical time for employers to take notice of the far reaching implications these decisions have on the American workplace."
And now there’s an additional element to consider: the new 2013 COSO framework should be implemented by the end of the year. The new framework shifts requirements from a specific documented process to identifying gaps where the controls process can be improved or updated. As organizations grapple with both the COSO framework updates and SOX process, it’s more crucial than ever to stay in control of documentation, and have a solid plan in place. Here's how:
Acknowledge the inefficiencies
SOX documentation is a big undertaking, and frequently the employees responsible are located in different departments throughout an organization. Version control among multiple teams can lead to huge headaches as employees try to keep risk control matrix and process narratives current and error-free.
Checking documents in and out is stressful for everyone involved as teams try to eliminate redundancies and contribute their part to the SOX documentation process. Towards the end of the process, final sign-off and certifications increase the risk and pressure to keep all documentation up to date. Often, one person is left babysitting the entire operation as they try to certify dozens of documents via email and voicemail.
Take charge of your documentation process
No matter how a company is organized, taking a strategic approach to SOX documentation will ensure that all information is up to date and available to all relevant team members. Planning ahead is key. With the right process and tools in place, information can be updated in real-time to avoid confusion, repetition, or omission of pertinent information.
The updated 2013 COSO framework means that controls will be under even greater scrutiny—making accuracy and process control and transparency vital. To assemble the right process, look for tools that allow your team to build a more efficient and decentralized process with a high level of control. Customized user permissions decrease risk and increase accessibility. The right technology can help ease the pain of the SOX documentation process, allowing teams to be more confident and free up time to focus on the things that really matter.
About the Author
Mike Starr is Vice President of Governmental and Regulatory Affairs. He previously served as the SEC Chief Accountant’s advisor with a focus on investors’ financial information needs and the role of structured data in meeting those needs. Prior to his work with the SEC, Mike served as Chief Operating Officer for Grant Thornton International Ltd., where he oversaw global strategy and public policy. He earned a Bachelor of Science in accounting from Oklahoma State University (OSU), and in 2010 was recognized as an OSU distinguished accounting alumnus and inducted into the School of Accounting Hall of Fame.