OR&C Sponsor's analysis: Sarbanes-Oxley


None of the US or European respondents that are legally required to comply with SOx have decided to do so. Of those that are complying, 80% of those in the US feel the costs are too high and the benefits too low. However, the PCAOB seems to be giving guidance that will enable firms to focus on the higher-risk areas, which should help them to alleviate some of the cost and effort required. There may be a case that the in-depth nature of the process to date is largely due to consultancy houses trying to ensure they are not accused of missing any details. The EU has also intimated that it will not be going the prescriptive route for any similar legislation it might enact in the future.

On the upside, it seems companies have found an increased focus by senior management on op risk management and compliance. This, coupled with the benefits of increased reporting and control quality, should help to get senior level buy-in for future projects and efforts. With these two main points in mind it is odd to find that people are not concentrating their methodologies and technologies on ensuring a consistent approach across operational risk and SOx. Over a third of respondents had already purchased two separate systems or had no intention of purchasing a solution for either framework. It seems that both operational risk and SOx can learn from each other, and that the business benefits significantly from a cross fertilisation of ideas and technologies.

As the implementation of the SOx Act matures, it may turn out that a less detailed but more risk-focused approach, tightly coupled with op risk management efforts, will emerge and provide real value for money for the shareholders it had envisaged helping.

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

Investment banks: the future of risk control

This Risk.net survey report explores the current state of risk controls in investment banks, the challenges of effective engagement across the three lines of defence, and the opportunity to develop a more dynamic approach to first-line risk control

Op risk outlook 2022: the legal perspective

Christoph Kurth, partner of the global financial institutions leadership team at Baker McKenzie, discusses the key themes emerging from Risk.net’s Top 10 op risks 2022 survey and how financial firms can better manage and mitigate the impact of…

Emerging trends in op risk

Karen Man, partner and member of the global financial institutions leadership team at Baker McKenzie, discusses emerging op risks in the wake of the Covid‑19 pandemic, a rise in cyber attacks, concerns around conduct and culture, and the complexities of…

Moving targets: the new rules of conduct risk

How are capital markets firms adapting their approaches to monitoring and managing conduct risk following the Covid‑19 pandemic? In a Risk.net webinar in association with NICE Actimize, the panel discusses changing regulatory requirements, the essentials…

Building resilience into ESG risk management

Risk and resilience continue to play an important role in the navigation of an increasingly uncertain world. Fusion Risk Management explores why it is equally crucial for technology to support organisations in addressing pertinent environmental, social…

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here