Commercial Enterprises and Sarbanes-Oxley
Publicly traded, SEC-regulated companies are seeking to formalize their
approach to managing enterprise risk and policy compliance. TotalCompliance, developed by ComplianceBridge Corporation, is
a software-as-a-service solution that authors, publishes, distributes, audits and measures
policy compliance.
TotalCompliance facilitates communication of corporate policies
to employees in the organization. Policies can be organized in a hierarchy
that filters policy distribution on a “need to know” basis. Reporting
tools provide executives with feedback that helps them manage compliance
with organization and regulatory requirements.
TotalCompliance manages enterprise risk and policy compliance
through irrefutable acceptance confirmation and an auditable record of due diligence.
TotalCompliance has been designed and built with
technologies that support multiple browsers, operating systems, and databases. It is patent-pending technology in the executable
compliance policy paradigm.
US Sarbanes-Oxley Act of 2002 (SOX)
The Sarbanes-Oxley Act provides for corporate
rules, regulations and standards for publicly traded, SEC-regulated companies. The SEC has mandated the use of an internal framework as the implementation
vehicle for these new SOX rules. Specifically, the framework provided
by the Committee of the Sponsoring Organizations of the Treadway Commission
(COSO) is the recommended standard.
Section 404 of Sarbanes-Oxley addresses internal control over financial
reporting. In fact, Section 404 requires the management of public
companies to assess the effectiveness of the organization’s internal
control over financial reporting and annually report the result of that
assessment.
There is a plethora of information available regarding the importance
of the Act and internal controls in general. Very little, however, has
been written about the significance of information technology in the assessment
of an organization’s effectiveness in managing its internal controls
over financial reporting.
For most organizations, the role of IT will be crucial in achieving effective
internal control over financial reporting. Whether an enterprise-wide ERP
system has been deployed or silos of operational and financial management
software applications have been built, IT is the foundation of an effective
system for internal controls.
An important consideration — COBIT Linkages
The IT Governance Institute has developed linkages between the IT controls, as
portrayed in COBIT, and the IT general control categories identified
in the PCAOB standard, and these identified control objectives are linked
to the COSO internal control framework.
Why is this important? COBIT is ground zero for many IT organizations
as they embrace the stringent regulatory and compliance environment of
Sarbanes-Oxley. The IT Governance Institute, and specifically its report
IT Control Objectives for Sarbanes-Oxley (April 2004), provides references
to this important linkage.
To learn more about TotalCompliance please call or send an email to moreinfo@compliancebridge.com.