Sarbanes-Oxley legislation has made corporate governance a mandatory element of financial reporting, operational control and the daily running of a publicly traded company. Specifically, Section 302 requires senior management to establish and maintain internal controls that are comprehensive in ensuring the integrity of external financial information. Section 404 requires that each annual report also include an internal control report (ICR). This additional report must contain an assessment of the effectiveness of the internal control structure and procedures affecting external financial reporting.

Technology facilitates the enforcement of the compliance approach for any corporation. The following four areas all play a significant role:

Securities and audit control -
To establish the architectural framework to support the Sarbanes-Oxley requirements of technology governance and audit control, including security of reporting environment, management and worker control span, and fraud detection.

Business Process Management (BPM) -
To design, test, document, and monitor execution of key business processes to ensure standardization and enforcement.

Document and records management -
To manage critical business documents in support of the process and control documentation efforts, all drafts integral to preparation of financial reports, and to solidify and standardize corporate policies for communication and records retention.

Reporting and risk management -
To establish a real-time reporting architecture that ensures alignment and accountability throughout all levels of the organization, including rapid assessment of material events and their financial effect as defined in Section 409 of Sarbanes-Oxley, and to disclose the appropriate metrics to the appropriate people internally and externally.

Expert guidance, training and education, and consulting surround the model, delivering the critical support corporations will need to understand the implications and evolutions of various compliance regulations, assess readiness and gaps, build a short- and long-term Information Technology strategy, select and evaluate various tools, and eventually implement controls, processes, and decision support systems.

Odesus can help you establish the management structure and the controls needed to not only meet, but also exceed Sarbanes-Oxley requirements.

From a general perspective, corporations need to address the following management areas in order to become compliant with Sarbanes-Oxley:

  • Information Reliability Policy
  • Controls Architecture
  • Controls Infrastructure
  • Control Procedure Assessment
  • Controls Compliance Plan (Project Plan)
  • Controls Development Projects