Sarbanes-Oxley 20th anniversary: Time to revisit SOX programs
Twenty years ago, in the aftermath of the Enron and WorldCom financial reporting scandals, Congress acted and created the Sarbanes-Oxley Act of 2002 (SOX). The legislation led to significant changes in how companies designed and monitored internal controls and how their auditors evaluated them.
There have been many changes in business operations, technology, regulations, and the economy overall since SOX was enacted. Companies’ compliance programs might not have been modified in response or more controls might have been added over time without reconsidering the continued value of controls put in place in prior years. Having and testing too many controls instead of focusing on key controls can lead to unexpected deficiencies in the effectiveness of internal control over financial reporting (ICFR).
Modernizing a SOX program can identify efficiencies and potentially reduce compliance costs while also providing insights to departments outside of accounting and finance. Below are recommendations on how to modernize SOX programs.