Creating and maintaining a sustainable Sarbanes-Oxley
compliance framework requires the coordination of a
number of functions, including Technology. By
technology we refer to all manner of Automation
Systems, Mechanized Equipment, Information Systems,
Software Architectures, Telecommunications Networks,
and Security and Safety Systems that an organization may
employ in its business. This includes purchased
technologies and software systems as well as
home-grown technologies and software systems,
including internal infrastructures and
external/outsourced infrastructures.
Ideally, the technology infrastructure as a whole is conceived,
implemented and optimized to support business and
compliance efficiencies. This requires
regular re-evaluations (at least annually) to assure
that technology evolves to effectively support the
business and to effectively support all mandated laws
and compliance rules. The Information Technology
department’s strategic plan needs to be revised and
evaluated in conjunction with the overall company
strategic plan. Doing otherwise will lead to a
divergence of goals.
Sustainability requires evaluating the role(s) and capabilities
of all significant technology systems inside the
organization, including outsourced functions, to
support effective Internal Control. This is because
effective Internal Control relies on automation for
(at least) the following:
- Reliable, systematic
processing and integration of financial
transaction data,
- Decision support including
estimations, allocations, budgeting and
forecasting,
- Access control to limit
access to important and sensitive information or
systems,
- Protection of important
data and infrastructure,
- Timely notification of
security breaches, loss of data, and other
operating anomalies,
- Management and protection
of corporate assets,
- Risk assessment and
mitigation across dozens or hundreds of business
processes,
- Communication of critical
business information, issues and status,
- Audit support, and,
- Testing and performance
data to support the annual Management Assessment
and Auditor Attest.
Additionally, sustainability requires evaluating how the
organization's significant technologies support
and exchange information with one another. Well-integrated
technology systems tend to provide
effective support in each of the areas listed
above. Poorly integrated systems tend to cause or
introduce control weaknesses in one or more of the
areas listed.
Appropriate technology can somewhat compensate for weak
corporate cultures. Correspondingly, appropriate
technology can enable strong corporate cultures to
perform better. It can help to make weak corporate
cultures better able to sustain the necessary
compliance overhead. And appropriate technology can
help a strong culture excel. Software and hardware
systems must be evaluated and integrated to reduce
interface and interworking problems and to
facilitate control assessments and audits. Going
forward, technology decisions must consider
compliance and control integration with existing
entity systems as a significant purchasing factor.
Replacement systems must be evaluated for how and
where control deficiencies could arise during the
replacement project and for how and where to change
corporate processes to align with the new
technology.
Home-grown and custom-developed applications are more
susceptible to questions and tests (e.g. presumption
of fraud) by auditors than off-the-shelf,
established applications. There is little to no
concern that off-the-shelf software from a reputable
software vendor contains malicious code, or that
fraud may be readily propagated with the software.
Applications that are custom-developed or home-grown
within an organization are subject to greater
scrutiny and testing to assure that they are
reliable.
Technologies and technology solutions (new or different
software, new or different ways of using existing
software, sound technology management, etc.) are
common threads (i.e. pervasive) through all
contemporary business processes. Because of this
pervasiveness, they will be subject to increasing
audit scopes each year going forward. While
automation has the capacity to reduce manual
controls, and potentially result in fewer audit
cycles and tests overall, increasing automation over
time will serve to shift audit workloads towards a
greater level of automation and technology audit and
less manual audit. With this view, companies will
do well to take a step back and evaluate their
technology landscapes in view of where they need to
go, and whether the technologies are readily audited
and certified. This step should include a hard look
at what technology options will help the company to
move forward and concurrently reduce audit overhead.
Our Team
Our team is
comprised of experienced executives, managers and
consultants who will assist your banking
organization in the development, implementation and
execution of comprehensive risk management and
compliance strategies. From the initial passage of
Sarbanes-Oxley in 2002, Visage has provided
solutions to a client base ranging from private,
entrepreneurial companies to large multinationals.