Two SOX Compliance Tips for a Post-COVID World

Just as work environments have changed due to COVID-19, internal controls environments have also made a momentous shift. Verbal approvals and physical sign-offs are becoming a thing of the past as organizations settle in to working remotely. 

Recently, Workiva partnered with Embark to create an e-book, SOX Compliance in a Post-COVID World. Inside, we raised important questions worth considering when approaching SOX in the new normal.

The long and short is this: the underlying rules and regulations of SOX are the same, but the way work is done is starting to look enormously different. 

Read on to catch a couple takeaways of the piece, or download the entire e-book now.

Video evidence for a virtual controls environment

Remember when a CAO could review analysis from a mid-level accountant, verbally approve it, and all was right with the world? Well, things change, and today’s remote controls environment expects more than a nod and a smile. It wants evidence.

Does your control owner have the same level of documentation provided in prior reviews before you went virtual? And, through remote meetings, are you able to provide enough review evidence?

Organizations need to be able to provide the same level of documentation now as they were while working in the office. Recording any call that can be used as audit evidence will help maintain SOX compliance.

Consider recording your virtual meetings and workshops to enhance your evidence. Once recorded, a policy needs to be in place to control who has access to those meetings. 

Remote teams complicate segregation of duties

Similar to the hurdles of getting used to virtual meetings, having a smaller, geographically spread-out workforce can pose issues for your segregation of duties. This can leave gaps and risk for fraud and critical errors.

In regard to your remote workforce, have you assessed controls around segregation of duties and maintained appropriate audit trails? Not sitting next to your team in the office not only makes an audit trail more difficult to maintain, but also make it more important.

If your workforce has been reduced or members have been furloughed, duties may not be performed as a result. Controls need to be in place to mitigate the risk of material misstatement and trend analysis.

It’s easy to view compliance as yet another stressor in an already stressful new normal, but accurate and reliable financial statements protect your organization in a suddenly uncertain world.

Read the full e-book for more

These specific examples are just the beginning of the impact COVID-19 may have on your SOX compliance. Factors, such as delegation of authority and ERMs, will continue to be affected.

Get a copy of the full e-book to learn more about these two topics and more.