Since the Sarbanes Oxley Act (PDF) became law in 2002, corporations have largely risen to the challenge of meeting the law's requirements - implementing technology, controls, and processes to succeed at SOX audits and allow top executives to comfortably approve financial statements.
What's less well understood is that regulations like SOX are creating the opportunity for businesses to fundamentally improve risk management and IT governance. Complying with SOX and other regulatory regimes demands that corporations build transparency, communication, and automated controls into day-to-day business operations. Organizations that adopt compliance frameworks – rather than simply trying to satisfy legal requirements – are seeing the management benefits of transparency. They are reducing risk, improving efficiency, and becoming more effective.
In other words, compliance equals best practices, says Sanjay Anand, CEO of the Sarbanes-Oxley Group. "We are now embracing compliance as a necessary part of doing business and keeping the honest person honest."
Compliance can be the driving force that transforms a company into a holistic enterprise but it takes serious investment, starting with a commitment from the top. Forget about compliance as a burden. Although companies with over $5 billion in revenues spend about $10 million on SOX compliance, that's "chump change" compared to the benefits, Ken Williams, CA's VP of tech services, told Investor's Business Daily recently. "The need for effective process controls is now turning into a way to create big improvements through the use of automation," he said.