|
|
|
Features
< Back
Sarbanes Oxley : Thought Leader
A Response From Richard Binswanger
By
Richard Binswanger
|
|
Richard Binswanger
Senior Vice President
BI International
|
Below is a response from Richard Binswanger, senior vice president of BI International, developers of the Aline? platform for Governance, Risk, and Compliance highlighted by Aline?4SOX for 404.
Ted Frank makes some very good points in his article, ?What is the single most challenging Sarbanes-Oxley issue today?? In particular, he points out that Sarbanes-Oxley needs to be thought of as an on-going process, and if time is not taken for planning early, then the result could be costly ?redos? in the future.
He correctly makes the case that SOX 404 should be thought of in the context of overall governance, risk, and compliance (GRC) and not something self-contained. Indeed, that argument extends even further into performance management because risk and performance are just flip sides of the same coin. SOX 404 represents an opportunity, especially for the smaller public companies, because often this is first time they will be capturing reliable information about the business processes. Since 404/302 work must be done systematically by federal mandate it does not take much extra effort to capture various parameters of performance and embed key performance indicators (KPIs) next to the key risk indicators (KRIs) and see how the company is performing from a business perspective.
But the non-accelerated companies just starting SOX for the first time will not think about such things for years nor should they. Their concern is getting the basic 404 project done, and as their larger brethren found three years ago, the process can seem too formidable to consider anything more than just reaching compliance. This is where the value of ?SOX in a Box? begins.
Frank argues that "SOX in a Box" offers a quick fix that can look appealing but leads to negative long- term consequences in the short and long term. But if done properly, nothing is farther from the truth. A good "SOX in a Box" solution not only allows companies to get their work done faster and better, it encourages a sustainable process that extends beyond SOX.
Unlike three years ago, building a set of best-practice controls is now not only feasible but starting to become a reality. With good content to populate a ?SOX in a Box? effort, smaller companies don't need to start from scratch but can fit themselves into a solid framework. Most of these companies won't have much of a framework in place anyway, so providing them with one is a real benefit.
A best-practice framework lets them take advantage of the experience gained by consultants, practitioners, and accountants as long as the 80/20 rule is invoked. The "SOX in a Box" framework is not meant to serve as the end, but rather to drive forward a serious analysis of what is needed, so that a better result occurs. The "prepackaged" controls show the company how to mitigate risk in a way they can understand and alter the framework to their specific needs, while feeling secure in knowing they are adapting from a proven starting point.
If there can be some standardization of best practices around controls then the market will begin to build more efficient and cheaper ways to institute the standard. Benchmarking then becomes more manageable as variations within some boundary of deviation will be acceptable to most of the mid- and small-market players.
SOX then more assuredly becomes repeatable and sustainable and the non?accelerated are far more likely to find value beyond SOX.
Richard Binswanger
Senior Vice President
BI International
Richard Binswanger is senior vice president at BI International.
|
|
|
|
|
