Study Shows Progress In Internal Controls Effectiveness
Posted on December 11th, 2007 by admin »Permalink
Compliance Week (subscription required) recently released a study on the effectiveness of internal controls implemented in the wake of Sarbanes-Oxley. Financial Week covers it here, but the gist is that there is clear progress being made three years into the internal controls requirements that SOX has mandated.
The highlights? Large filers last year disclosed only a third of the number of the material weaknesses in internal controls that they reported three years ago. Restatements are also down, as are late filings and corporate litigation. And more weakness disclosures are being filed quarterly than annually, which the CW folks point to as a positive sign that companies are uncovering and disclosing problems more quickly.
This is indeed a step in the right direction, and something for corporate America to be proud of. It’s gratifying to see tangible results on the vast amounts of time and money that have gone to attaining and maintaining SOX compliance. But it’s also a reminder of how much farther we have to go to truly get our money’s worth out of GRC investments.
Focusing on compliance issues like general computing and user-access controls is necessary and useful for compliance efforts, but it is in improving the efficiency and effectiveness of these controls where companies will see actual business improvement. When controls themselves become more efficient and effective, they can begin to provide meaningful intelligence about the business and where processes can be improved, with benefits including reduced time and expenses involving external audits, reduced fraud and mistakes, and decreased time required to test and monitor controls.
Governance, risk and compliance (GRC) is still a relatively new concept, and most companies are still on the cusp of realizing its true potential. When we discuss with our clients the “vision” of GRC, they understand what we are saying, and the value that such an approach holds. But they aren’t yet addressing GRC on a day-to-day basis. Many have invested in boosting the efficiency of compliance systems, but we have yet to see widespread dedication to making controls more effective – and an even smaller number are actively trying to realize the link between compliance systems improvement and improved business processes.
Time will tell how the GRC market ultimately evolves – whether it can grow to encompass all the markets it entails and bring together functions from board-level dashboards for enterprise risk management to IT regulatory compliance testing tools, and whether there exists or could feasibly exist a single comprehensive GRC solution. But the vision is there, and the rewards are real. Here’s to all of us being part of the dialogue.
- Dana Hamerschlag, Senior Director, Product Marketing
January 29th, 2008 at 1:51 pm
[...] December 11, 2007 Study Shows Progress In Internal Controls Effectiveness Posted in: Executive Spotlight, Post of Note with: 0 comments [...]
February 4th, 2010 at 11:34 am
[...] is something we’ve been talking about at Approva for ages – and one of the best things about our Continuous Controls Monitoring solutions is that they [...]
February 10th, 2010 at 9:50 am
[...] of the business. This is something that McClean says is critical to their success . . . and that we’ve been saying for some time ourselves, actually. (A subscription is required for the full report, but Chris’s blog post on this one will give you [...]
February 16th, 2010 at 11:43 am
[...] a tipping point with Continuous Controls Monitoring, where a critical mass is beginning to see what we’ve been saying for a good while about the need for real-time visibility into operations – not only for risk [...]