Moving Beyond Initial Compliance
Sarbanes-Oxley accelerated filers spent countless hours and resources on initial compliance and in preparation for the filing of their first Section 404 certification. As the focus shifts to ongoing monitoring and maintenance, organizations must avoid complacency and recognize that compliance is not a one time event. There is a significant risk of noncompliance beyond year one if an organization does not have a long-term strategy and comprehensive compliance plan implemented that will support the required quarterly and annual certifications.
Compliance planning for subsequent years necessitates a reassessment of requirements and an approach definition that differs from the first-year compliance readiness plan. A more sustainable and practical program that is based on new and/or clarified guidelines must be developed and implemented. The plan may involve the implementation of new technology and a modified focus on process and policy that will support a more efficient and cost-effective approach to ongoing compliance.
An efficient and effective infrastructure that enables repeatable, reliable activities such as documentation reviews and updates, testing, and remediation is key to ongoing compliance. Because the Act requires the linking of Section 404 monitoring efforts to quarterly reporting under Section 302, companies must have the capability to conduct quarterly evaluations and to report any changes in internal controls over financial reporting ...
Get Sarbanes-Oxley Ongoing Compliance Guide: Key Processes and Summary Checklists now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
