SOX and Audit
Within the world of audit, there are various components which must function effectively to streamline the processes and internal controls that make a coherent and correct audit of an organisation. A SOX framework is set up to optimise an organisation’s processes and regulate its internal controls to ensure a smooth running of the business.
With the steep increase in regulations being rolled out worldwide, companies are required to have a cleaner, more intelligent set of internal controls as higher levels of scrutiny places the focus on showing not just telling. A firm now require their clients to demonstrate that the correct controls have been executed and with that comes more documentation to prove the risks have been mitigated. Francisco Rodriguez, Director of Internal Controls at Genesys Telecommunications Laboratories, explains that “three years ago you could rely on a general perception that risks had been mitigated but things don’t work that way anymore and companies need to turn in a great deal more proof and documentation.”
When it comes to the internal audit function, Rodriguez asserts that the efficiency of an internal audit department rests greatly on how smart and savvy the company’s SOX programme is. The better a SOX programme operates the more reliance can be placed on the controls the management has put in place and subsequently the internal audit departments can dedicate a greater proportion of time to strategic risks. Put succinctly, SOX and audit complement each other if both are well executed.
With an increase in new companies going public there is an even greater demand for individuals with the skills to evolve along with the technology needed to operate SOX. Specifically in this cloud age, a company must have the ability to manage different ERP’s and systems and for this their internal controls should be immaculate. More than that, SOX serves as a means to reassure investors that a business is conducting its affairs to a certain degree of decorum.
Donal Smyth, VP of Financial Controls Compliance at Liberty Global, explains that the relevance of SOX is more pertinent when it comes to business than simply audit alone as it serves to enable management to articulate a positive view to the outside world regarding its operations. “From an audit standpoint it’s a bit harder to articulate the value,” Smyth says, “the audit guys can tend to look down on the SOX guys.” However, without SOX, internal audit would be facing the age old issue of why does this really matter and the issue of implementing internal controls would be a challenging one.
“SOX has educated management in areas of business that might not have previously realised how everything comes together in terms of producing information for external parties,” says Smyth, explaining that these days management are more attuned to internal perception. That education has spread across other areas of business including HR and legal which have a more supporting role rather than interfacing with external parties and Smyth asserts “in short it has improved the understanding in the business about the value of internal controls generally.” Moreover, when it comes to internal audit, the effective running of SOX frameworks has allowed those in the audit function to focus their attentions on areas of higher risk and as Smyth highlights, “spread their wings into more technical areas from an operational standpoint applying a risk-based approach.”
SOX enables those in audit to produce quality information to the wider market and reassures both management, stakeholders and investors that with strong and effective systems in place the data produced from them is ultimately reliable. Creating a clear conversation across the business on the importance and value of internal controls further improves their functionality and effectiveness as the entire company thus unites to work together in producing effective and coherent audits and reliable information for external parties.