SOX Compliance

Following the accounting scandals in such companies as Enrol, Tyco and WorldCom, SOX has become a new challenge to the compliance field and also created many career opportunities for compliance officers.

SOX stands for the Sarbanes-Oxley Act of 2002, also known as the Public Company Accounting Reform and Investor Protection Act of 2002, is the US federal law for the listed companies. The more remarkable provisions of SOX include:

• Certification of financial reports by CEO and CFO
• Independence of auditor and audit committee
• Significantly longer maximum penalties for corporate executives who knowingly and wilfully misstate financial statements
• Employee protections for corporate fraud whistleblowing
• Establishment of internal controls over financial reporting

IT plays a key role in the financial reporting process and thus SOX compliance. Recently a software company Approva conducted a survey of more than 200 high-level finance and IT executives at listed companies. The purpose of this survey explored how executives at leading listed companies view their compliance-related investments.

Major findings of this survey are set out below:

• The vast majority of companies who currently use software to automate their controls think their investment will provide business value beyond SOX compliance.
• Despite the recognized value of automation, most companies have yet to automate the testing of their IT controls.
• ERP systems alone are not adequately equipped to support proper monitoring of controls to ensure regulatory compliance.
• Open, cross-application controls automation and monitoring solutions are critical in the audit process.
• Most companies who currently do not have a software solution for controls automation are planning to invest in one in the next year.
• Investment in audit preparation continues to rise.
• Most companies expect to realize measurable returns on their IT controls and compliance investents.
• Many companies believe SOX has been successful in helping to prevent corporate fraud and increase investor confidence.

In forseeable future, we can expect compliance monitoring to be more automated (therefore less labor-intensive), then the role of compliance officers would turn into being more analytical and advisory.