| Sarbanes Oxley compliance is not a one-day, a | | | | complicated. You should also make it very |
| one-month, or even a one-year project; | | | | clear whose roles it will be to see to the |
| instead, Sarbanes Oxley compliance should be | | | | Sarbanes Oxley rollout and to whom these |
| built into your corporate infrastructure as | | | | people will be ultimately answerable. |
| early as possible when you begin making | | | | |
| changes. The more quickly you transition your | | | | Improvisational approaches - Jumping into |
| business into long-term strategy change, the | | | | Sarbanes Oxley compliance will simply not |
| better you're going to be able to control | | | | work. You need to step back and plan how |
| Sarbanes Oxley compliance issues. | | | | you're going to be incorporating the |
| | | | structures and requirements of Sarbanes Oxley |
| There are a number of issues you can expect | | | | into your daily work routines. And once a |
| to impede this process: | | | | plan has been defined, you must follow the |
| | | | plan, and ensure everyone else is also |
| Project mindset - Your managers will probably | | | | following it. |
| look at Sarbanes Oxley compliance as a | | | | |
| project with a clearly definable endpoint. | | | | Underestimating the Impact to Technology - |
| This is not at all the case. The more quickly | | | | Sarbanes Oxley would simply not have been |
| you can move to change their attitude, the | | | | possible twenty years ago. Technology is |
| more likely you'll have a clear and simple | | | | critical for your compliance with this act. |
| transition into the new way of doing | | | | You can expect to make significant technology |
| business. You can use such items as continual | | | | investments as you procede to implement |
| education and newsletter updates as ways to | | | | Sarbanes Oxley compliance. Investments will |
| show your managers that you expect Sarbanes | | | | cover such things as sustainable compliance |
| Oxley to change the way they do business | | | | with repository, work flow, and audit trail |
| forever. | | | | functionality. In addition, your internal |
| | | | control monitoring and reporting will depend |
| Manpower issues - Sarbanes Oxley compliance | | | | heavily on technology. At some large |
| is not friendly to businesses who are trying | | | | corporations, it might be worth looking into |
| to streamline their workforce. Though you may | | | | hiring another full-time IT person who has |
| have to increase the size of your employee | | | | been specifically trained in implementing and |
| pool at the beginning of your Sarbanes Oxley | | | | maintaining Sarbanes Oxley technological |
| compliance process, you can expect this pool | | | | infrastructure. |
| to decrease as you gradually fold Sarbanes | | | | |
| Oxley compliance methodologies into your | | | | Ignored Risks - Risk assessment is vital in |
| normal way of doing business. | | | | Sarbanes Oxley compliance. One of the first |
| | | | meetings you should have as you implement |
| Poorly-defined roles in internal control - if | | | | Sarbanes Oxley compliance is one on risk |
| you don't clearly lay out responsibilities | | | | management. Inadequately assessing risk can |
| such as auditing, accountability, and project | | | | lead to serious financial reporting errors |
| management, your Sarbanes Oxley | | | | that can render your investment in training |
| compliance]tasks are going to be needlessly | | | | and compliance useless. |