Welcome to the nightmare. The biggest gripe about Section 404 controls is that they will not get easier and will not reduce over time. No matter how long companies have to get used to it.
Now five years into Sarbanes-Oxley and it looks like those concerns are justified. A new survey of 300 companies published in Compliance Week shows that over 80 percent of companies responding said they expected no better than a 20 per cent reduction in key controls going forward.
It gets worse still if you drill it down further. More than half said they expected no more than a 10 per cent reduction and one in four expected no more than something between 10 and 20 per cent.
Significantly, Auditing Standard Number 5 approved last year by the Securities and Exchange Commission amidst claims by the regulator that it would reduce unnecessary costs and make things less prescriptive has not lived up to its promise.
Great Article! We engage on a daily basis with many SOX officers from F1000 clients in highly regulated industries. On whole, I would agree with the premise that the number of key controls is not diminishing. Many of our clients were engaging a top-down scoping approach long before the implementation of AS 5 and were reducing the number of key controls in year 2 to 3 of the compliance effort.
However, the lack of reduction in key controls does not mean that the SOX compliance process cannot be more efficient. Many clients are successfully implementing tools to assist in consolidating the data, automating the process and generating meaningful and intuitive dashboards. This has significantly aided management in converting SOX compliance from a project into a process which is part of everyday operations.
In fact, many of our clients are beginning to take the process one step farther by uniting their SOX compliance efforts with other governance, risk and compliance processes. By combining disparate roles and initiatives, companies have enjoyed significant savings and efficiencies. Again, software solutions are enabling such value creation by bringing lots of information together in a single repository, performing automated processes and assessment, and creating powerful, actionable dashboards.
Even though the number of key controls may not be decreasing, hopefully managers can take other steps to gain greater efficiencies in the SOX compliance process.
Thanks for the information … spot on!