OR&C Sponsor's analysis: Sarbanes-Oxley


None of the US or European respondents that are legally required to comply with SOx have decided to do so. Of those that are complying, 80% of those in the US feel the costs are too high and the benefits too low. However, the PCAOB seems to be giving guidance that will enable firms to focus on the higher-risk areas, which should help them to alleviate some of the cost and effort required. There may be a case that the in-depth nature of the process to date is largely due to consultancy houses trying to ensure they are not accused of missing any details. The EU has also intimated that it will not be going the prescriptive route for any similar legislation it might enact in the future.

On the upside, it seems companies have found an increased focus by senior management on op risk management and compliance. This, coupled with the benefits of increased reporting and control quality, should help to get senior level buy-in for future projects and efforts. With these two main points in mind it is odd to find that people are not concentrating their methodologies and technologies on ensuring a consistent approach across operational risk and SOx. Over a third of respondents had already purchased two separate systems or had no intention of purchasing a solution for either framework. It seems that both operational risk and SOx can learn from each other, and that the business benefits significantly from a cross fertilisation of ideas and technologies.

As the implementation of the SOx Act matures, it may turn out that a less detailed but more risk-focused approach, tightly coupled with op risk management efforts, will emerge and provide real value for money for the shareholders it had envisaged helping.

  • LinkedIn  
  • Save this article
  • Print this page  

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: