New FEI report highlights opportunities for SOX optimization

Significant opportunities still exist for optimization of Sarbanes Oxley (SOX) Section 404 programs and reductions in compliance cost, according to a new report released by BMR Advisors and Financial Executives Research Foundation (FERF), the research affiliate of Financial Executives International (FEI).

The report, entitled SOX 404 Optimization: Operational Trends, was distributed this week in conjunction with Financial Executives International's Current Financial Reporting Issues conference in New York, and identifies program scope and program structure as the two principal drivers of SOX program efficiency. Exploring a variety of ways in which these factors can be balanced to create a customized operational model, the report is based on qualitative interviews with more than 30 senior finance and internal control professionals, carried out during September and October 2008.

"In the years since its enactment, Sarbanes-Oxley has been a constant focus of attention and countless research initiatives – but many of these have focused mainly on quantitative issues," said report author Sanjay Mehta, Senior Partner with BMR. "We wanted our study to delve even deeper into the issue – to look behind the headline numbers of key controls, compliance costs and so on and to explore how SOX compliance is actually being managed on an operational basis since the implementation of AS5."

"We were encouraged to find that significant upside opportunities still exist – particularly for those companies lower down the maturity curve in terms of their SOX compliance," said Cheryl de Mesa Graziano, Vice President, Research and Operations for FERF. "This will be considerably valuable for those companies that have yet to adopt SOX."

Key findings of the report include:

Gauging operational maturity of SOX programs

Optimization of (a) program scope and (b) program structure are the key metrics to use in evaluating the maturity of a SOX compliance program. Although scope has the more direct impact on overall compliance cost, companies at the higher levels of SOX maturity have also made efforts to optimize the structure of their SOX programs such that internal and external costs are controlled.

Introduction of AS5

Many organizations began to benefit from AS5 (and the new SEC interpretive guidance) before they officially came into effect, and the overwhelming feedback is that the new approach has driven significant cost reductions. However, by no means all companies have reaped the full reward of AS5, and some have shown little or no reduction in scope since the early days of SOX.

Structural optimization

A continuum of SOX operating models is emerging, where the core distinguishing factor is the extent to which responsibility for management and execution is either centralized or decentralized. Which model an organization chooses to follow is driven by such factors as business complexity; business dynamism; control culture; technology infrastructure; and so forth. In optimizing program structure under AS5, SOX leaders must balance the need to maximize the external auditor's reliance upon management testing with the need to ensure that internal resources are deployed in an efficient way.

Opportunities for further rationalization

Beyond AS5, opportunities for further rationalization still remain, in four main areas:

  1. Transformation of control environment to focus less on manual controls and more on (a) automated and (b) entity-level controls;
  2. Consolidation of processes onto a reduced number of systems, or into a reduced number of locations, through a shared-services or BPO approach;
  3. Adoption of more sophisticated testing strategies, including remote testing; and
  4. Selective strategic sourcing of SOX testing work.

General feedback on SOX

SOX has brought some significant benefits – some of which were unexpected, such as the value that it has brought in integrating processes after a merger, or when establishing a new business unit. Among the suggested improvements to the Act and its interpretation, four stand out:

  1. Acceptance of a degree of rotational testing;
  2. Integration of SOX into a broader, more holistic view of business risk;
  3. Simplification to better align with future migration to International Financial Reporting Standards (IFRS); and
  4. Re-definition of SOX thresholds for smaller companies.

Full copies of SOX Optimization: Operational Trends are available for download at the FERF Web site, under "reports" section.

You may like these other stories...

Companies are taking their time transitioning to the 2013 Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control-Integrated Framework, even though the updated guidance is set to take effect...
By Jason BramwellOfficials from the Public Company Accounting Oversight Board (PCAOB) said on August 19 that deficiencies were found in all sixty of the broker-dealer audits conducted by audit firms that the PCAOB inspected...
By Frank Byrt and Anne RosivachThe Public Company Accounting Oversight Board (PCAOB) issued a cautiously optimistic report on US auditors' performance, saying the Board found a reduced rate of "significant audit...

Upcoming CPE Webinars

Jul 24
In this presentation Excel expert David Ringstrom, CPA revisits the Excel feature you should be using, but probably aren't. The Table feature offers the ability to both boost the integrity of your spreadsheets, but reduce maintenance as well.
Jul 31
In this session Excel expert David Ringstrom helps beginners get up to speed in Microsoft Excel. However, even experienced Excel users will learn some new tricks, particularly when David discusses under-utilized aspects of Excel.
Aug 5
This webcast will focus on accounting and disclosure policies for various types of consolidations and business combinations.