By Yang Zheng, Senior Director of Customer Success at SureCloud
Published on 23rd January 2023
The Sarbanes-Oxley Act (SOX) is a piece of US legislation brought in to protect investors by increasing transparency in financial reporting for public companies. It came to fruition in 2002 and has seen great success, with the Center for Audit Quality reporting that 74% of US investors express confidence in US capital markets.
However, a SOX compliance change management plan is needed to stay on the right side of this promising new legislation.
In my last blog on the topic, UK SOX: Everything Your Organization Needs to Know About Compliance, I looked at the expectations surrounding the equivalent UK legislation, colloquially named ‘UK SOX’, which is supposedly due to arrive later this year. There is no firm date for it, but as we get closer to the final version, it’s an excellent time to dive deeper into the benefits of implementing SOX and provide some preparatory steps and key recommendations to help your organization get ready.
The number of regulations a company is governed by can be overwhelming, especially if it operates across numerous countries and industries, and adding another piece of legislation to the mix can be stressful. This is especially true when reports suggest that the average cost to maintain compliance can total up to an estimated $10,000 per employee.
While UK SOX promotes transparency so that investors can invest more confidently, there are also wider business benefits if implemented successfully and used as an opportunity to refresh your entire compliance infrastructure.
Thankfully, the UK can see how US businesses have already implemented this legislation and which tactics have worked best. To operationalize SOX, companies should be looking to implement the following into a SOX compliance change management plan:
In many instances, companies already use risk and compliance frameworks that will still be applicable under UK SOX. Businesses don’t need to create different activities and tasks if they meet the requirements. If there is overlap, it’s an opportunity to reduce repetitive processes. Companies need to start assessing their current actions and evaluate how the compliance management workload will shift.
The most important takeaway from this discussion is that it’s not too early to start planning for the move. While we don’t have any exact dates on when UK SOX will arrive, we do know that it’s coming soon and that it will be mandated. Businesses should take advantage of this time to prepare.
Ask yourself questions such as:
If not, then you need to look at how you can start putting these strategies in place, whether by utilizing a GRC tool or building a manual strategy that has the capacity to manage the robust, consistent and repeatable nature of UK SOX.
SureCloud offers a combination of compliance software and services to guide you through your SOX compliance change management activities. GRC is what we do, which means our expertise will keep you on the right side of regulation and uncover opportunities to improve your risk and compliance posture.