One really effective entity-level monitoring control may eliminate the need to do many transaction-level controls.
In the global economy of the 21st century, innovation often plays a vital role in differentiating a company and bringing it to a position of industry leadership. Strategic innovation around SOX execution can lead to better strategic use of your existing resources.
When was the last time you rationalized your SOX function?
Our survey explored the opportunities for applying innovative practices to the SOX function and found this to be a relatively untapped option.
For instance, when asked when the last time a controls rationalization/optimization or other innovative exercise had been conducted, only 52% of respondents said it had been during the current fiscal year.
Specific innovative practices we asked about included:
- Use of control self-assessment (58% do not use at all)
- Peer reviews (63% do not use at all)
- Incorporating the SOX function into ERM program (48% do not)
- Creating more entity-level controls (94% had fewer than a quarter of their key controls as entity-level controls)
What is the percentage of entity-level controls that make up your total key controls?
Entity-level controls as percentage of total key controls
The use of entity-level controls is a particularly under-utilized opportunity. Since one really effective entity-level monitoring control may eliminate the need to do many transaction-level controls, companies can significantly reduce the testing workload by properly designing robust and effective entity level controls.
There appears to be good reason to explore such innovative practices: they help deliver additional value for the business.
There are also opportunities to get ahead of the competition:
- Explore and develop innovative ways to generate more usable SOX information and (or)
- Put SOX testing/data to more diversified use
Leveraging SOX information and testing across other functions/departments within a company will decrease the burden felt by the business units. There are also opportunities to get a leg up on the competition by building the SOX function into the regular ebb and flow of business operations — by using self assessments or peer reviews.
Once you change the mindset at the business-unit level, the SOX function can move beyond compliance and into helping manage and monitor the business on a continuous basis.
A greater percentage of respondents who were “less than satisfied” with the ability of their SOX function to add value do not use the most progressive or innovative practices: