Sarbanes-Oxley is more than just a legal requirement. It can strengthen or dilute business resources….beef-up important controls and disciplines or suck the life out of a firm’s flexibility…..effectively utilize operational data or just create another round of non-value added reporting.

How you approach the SOx requirements can make all the difference!

Among other requirements, Sarbanes-Oxley requires a firm’s management to assess the controls in place to ensure accurate financial reporting. Management must assert that appropriate controls are in place and effectively operating so that the resulting financial data fairly represent the firm’s position. Management must also take into account information’that does not appear on the income statement, balance sheet, or other financial record, but that could materially affect that position. The impact of this “off statement” information, along with the underlying controls, should factor into the conclusions drawn by management.

Failing to identify and utilize existing data can be very costly. Controls and reporting may be duplicated, resulting in additional overhead without any incremental benefit. Even if this information is not sufficient for SOx compliance purposes, it is a start. In addition, existing significant non-financial information may be invisible to executive management and omitted when materiality is assessed. The ISOx process is designed to help close these gaps.

 Organizations presently registered to ISO-based quality and environmental management systems already collect and review data pertinent to SOx internal control and/or materiality issues at a site level.  Unfortunately, these data are rarely visible to the functions and individuals with responsibility for actually assessing the relevance of the data for SOx reporting purposes.

Often, controls related to financial reporting link to underlying operational controls.....controls over customer order review/entry, inventory receipts/disbursements, purchasing, etc. These operational controls are an important source of objective evidence for SOx 404 compliance.