Part 5 – SOX Sustainability – Functional
Integration
Creating, maintaining and operating a sustainable
Sarbanes-Oxley compliance framework require
significant functional integration and coordination.
In Part 3, we discussed technology integration while
in this article we will focus on departmental or
functional integration. A clearly articulated plan
for compliance, that all departments of the
enterprise understand their role and others is a
great start. The Accounting Department must
understand what Information Technology is
doing to improve corporate process, and vice versa.
Treasury Services needs to advise Internal
Audit and MIS when it changes providers
of electronic funds transfer (EFT) services, notably
if a new vendor-furnished software system is part of
the change. And Internal Audit needs to know
when internal control processes anywhere in the
organizations will change so it can coordinate
management assessment and attestation requirements.
Lack of integration and coordination causes
duplicate or triplicate work across the enterprise
and may lead to attestation issues.
Integration and coordination must exist within the
enterprise and include outsourced service providers
supporting the initiative. This is especially true
when timelines are short for completing the
compliance work (or process make-overs). Companies
must dedicate resources and funds to establish an
effective, real-time integration mechanism.
Generally, integration requires conspicuous thought
and effort:
- How will we align our
internal and external resources to best achieve
the sustainability goals without disrupting our
business?
- How will we coordinate
progress and open issues across departments to
assure prompt action and issue resolution?
- What is the best method to
communicate issues, results, and open items?
What is the appropriate frequency?
- How will we resolve
contentious or diverging needs and approaches?
-
How will we assure that material events, as
contemplated by
§409 of the Sarbanes-Oxley act, result in
a timely 8K disclosure?
And technology integration brings its own set of
concerns:
- How will we ensure that
there are no data interchange problems between
the corporation’s major systems?
- If we introduce a new
Accounting module or Inventory System, how will
we assure ourselves and our auditor that the
systems are properly integrated?
- Are all of our data
protection, security, and virus protection
systems current and configured correctly?
- Do we have the “right”
systems to support our business – what can be
done to stretch our current technologies to
support our people and process?
Integration may be best viewed as a process of
removing barriers and impediments to efficient
business operations and using technology to support
that operation. The only way to achieve synergy is
to integrate process, culture and technology to
achieve an optimal mix for the enterprise at a point
in time.
While
§404 is concerned with the effectiveness of
internal control over financial reporting, the
reality is that efficiency is only attainable
through integrated and effective operations,
financial, disclosure and regulatory processes
across the enterprise. It is virtually impossible
to segregate or isolate “financial reporting
processes” from ongoing business process. If they
are efficient, they are already merged. Creating an
efficient framework inclusive of SOX requirements
will require considering the merged processes, and
re-integrating or re-aligning new processes or
technologies to meet a new set of goals.
Integration requires aligning culture, process and
technology toward one or more established goals.
Without specific, sustainability goals, the result
will be a number of ad-hoc or conflicting
frameworks.
Supporting this alignment or integration may require
specialists trained in management, technology and
business process functions. Internal program
managers with management and technology experience
may fill the bill. Many companies will do well to
look outside their organizations to find
professionals who provide objective guidance and
feedback to help optimize and align culture, process
and technology. Experienced program managers and
consultants can also evaluate and design
communications mechanisms to assure that all
critical parties are abreast of progress and issues,
and that timely, “integrated” actions take place to
move the initiative forward. Persons who are weak
in project management skills and/or who have very
limited experience in management, technology and
process evaluations are probably poor candidates to
administer the type of program that we are
describing. At a minimum the Project Manager should
be someone who has significant experience in process
management/re-engineering and at least one of the
other two factors.
Achieving sustainability also requires integrating
incentives and drivers to reasonably assure the
voluntary alignment of functions on a long term
basis. Bonuses and awards should re-inforce correct
behaviors. As discussed above, this requires
establishing over-arching sustainability goals and
then removing the barriers that derail efficient
process.
Our Team
Our team is
comprised of experienced executives, managers and
consultants who will assist your banking
organization in the development, implementation and
execution of comprehensive risk management and
compliance strategies. From the initial passage of
Sarbanes-Oxley in 2002, Visage has provided
solutions to a client base ranging from private,
entrepreneurial companies to large multinationals.
