Skip to main content
Perspective:
Perspective

SOX modernization

Optimizing compliance while extracting value

In the years since the Sarbanes-Oxley Act of 2002 (SOX) was enacted, there have been significant developments in technology, methodology, and business and operating environments; however, the SOX program at many companies may not have evolved at the same pace, or at all. Through modernization, a company can optimize its SOX program, achieve efficiencies, extract value and insights to share with other areas of the organization, and potentially lower the related cost of compliance while still achieving reasonable assurance for regulatory compliance.

SOX Modernization: Optimizing compliance while extracting value
1 MB PDF
SOX modernization summary
2 MB PDF

It’s time to refresh and rethink SOX

Many programs and processes at companies can succumb to the proverbial saying, “If it ain’t broke, don’t fix it.” This can be exacerbated by competing priorities due to an evolving business environment, new or revised regulatory requirements, changing technology, and so on. For many public companies, the SOX program established to comply with the regulatory requirements of the Sarbanes-Oxley Act of 2002 (SOX) may have also fallen into a “rinse and repeat” pattern.

A SOX program that has not been challenged in years may be stale, which could be a drain on resources and impede performance, particularly if this compliance program is treated more like a “check-the-box” activity.

After having an established SOX program for years, especially one that may not have kept up with the pace of change, it’s time to refresh, rethink, and modernize. Through modernization , a company can optimize its SOX program, achieve efficiencies, extract value and insights to share with other areas of the organization, and potentially lower the related cost of compliance while still achieving reasonable assurance for regulatory compliance.

An established governance structure and clear accountability are fundamental to an effective operating model. Defining the overall governance structure of the SOX compliance program can help to ensure there is oversight by those resources with the appropriate skill set and level of authority to drive the strategic vision of the SOX program while defining roles and responsibilities can help drive accountability throughout the company.

After years of complying with SOX, some companies may no longer perform a robust risk assessment through a critical lens. Refreshing the risk assessment can help to determine if there is a shift in which areas that company should focus on due to new or changed risks. There may also be an opportunity to harmonize risk assessment efforts across other compliance activities throughout the organization.

Identifying opportunities to automate and digitize can support a company’s efforts to modernize its SOX program. Options for automation include automating control testing, automating control operation, automating an entire process, and implementing a governance, risk, and control (GRC) tool.

Where to go from here

By refreshing and modernizing the SOX program, a company can identify opportunities to increase efficiency, shift focus and efforts to areas that matter most, potentially reduce the cost of compliance, and extract value and provide insights.
 

Find out more about our SOX and ICFR Services

Contact us

We'd like to hear from you.

Send us a message Send us a message

The services described herein are illustrative in nature and are intended to demonstrate our experience and capabilities in these areas; however, due to independence restrictions that may apply to audit clients (including affiliates) of Deloitte & Touche LLP, we may be unable to provide certain services based on individual facts and circumstances.

Did you find this useful?

Yes
No

Thanks for your feedback

Your feedback is important to us

To tell us what you think, please update your settings to accept analytics and performance cookies.

Need help updating cookies?

Get in touch

Lindsay Rosenfeld

Lindsay Rosenfeld

Partner, Audit & Assurance | Deloitte & Touche LLP
+1 313 310 0595
Patty Salkin

Patty Salkin

Managing Director | Deloitte & Touche LLP
+1 609 806 7279