Market volatility, increased stakeholder expectations and ever-evolving risks have made the future murkier than ever — and as the U.S. approaches an economic recession, budget and financing concerns are likely top of mind. To keep your competitive edge while navigating these changes on the horizon, it’s critical to put the necessary processes and frameworks in place via a robust SOX program. A recession is a good time to ramp up, not slow down, your efforts to be SOX compliant, which is a requirement for public companies and simply good business practice.
Use the questions on this checklist to determine where your organization can drive more value from your current internal audit and SOX programs and help future-proof your business.
Have you assessed your current risk and control environment?
Refreshing your SOX program requires revisiting your current protocols and identifying opportunities for improvement. Evaluating your current risk and control environment against industry regulations and best practices will help you better adapt to a changing environment, pinpoint potential risk exposure and tailor your existing protocols to meet your shifting needs.
Do your SOX efforts align with your organization’s governance structure?
Robust governance and proper oversight are both necessary to drive value from your SOX program. As organizations change, so does their governance structure. The SOX program needs to stay agile and keep pace with governance changes while providing direction to the management team. If your SOX program falls behind, you could miss crucial opportunities to achieve your goals, mitigate risk and maximize profitability.
Is your team equipped to handle the continued focus on sustainability and ESG?
Accurate and complete reporting is a significant part of evaluating non-financial risks to your organization. Though there are not yet SOX-like attestation requirements for environmental, social and governance (ESG) reporting, a future SOX framework for ESG is likely on the horizon — and the time to prepare is now. As ESG and non-financial reporting become an integral part of your company’s reporting process, your team needs to be equipped with the proper tools, training and skill sets to build effective internal controls.
Do you have the right people and training protocols in place to make sure your team understands how to build internal controls for non-financial focus areas?
As new focus areas come into scope for your company, building an effective and transparent SOX compliance program that continuously evolves is more important than ever to ensure a truly risk-based operating model, supported by the proper skill sets and technology. Make sure you have a seat at the table to help guide your organization as new processes, systems or other changes are introduced.
Does your staff have a diverse skill set and do you provide training to help them upskill?
Strengthen your workforce’s capabilities now to get ahead of any impending disruption. Are there gaps in knowledge that need to be addressed? What about blind spots in your teams’ skill sets? Identify areas where you can cross-train your team on non-financial controls and on key business protocols. If you still lack the resources needed to fill your control gaps, determine areas where you may need to co-source or outsource SOX compliance efforts.
Does your SOX program consider the IT environment?
A sound control environment is critical to maintaining SOX compliance. Because financial data is increasingly stored in the cloud, your IT environment is a significant risk factor. And, as cyber threats become more commonplace, the risk of security breaches or data loss only increases. Integrating your SOX and enterprise resource management (ERM) programs can help you strengthen ERM efforts and reduce control maintenance.
Bottom Line
If you were unable to check off all the items on the checklist, your internal audit and/or SOX program likely needs improvements. Recalibrating these programs, or even blending the two, can help you achieve optimal value and prepare for the recession ahead — without facing increased costs.
Armanino can help you build a clear SOX compliance protocol to ease budget constraints and face the future with confidence. To learn more about future-proofing your business, contact our Risk Assurance & Advisory experts.