| Sarbanes Oxley compliance is not a one-day, a | | | | needlessly complicated. You should also make it very |
| one-month, or even a one-year project; instead, | | | | clear whose roles it will be to see to the Sarbanes |
| Sarbanes Oxley compliance should be built into your | | | | Oxley rollout and to whom these people will be |
| corporate infrastructure as early as possible when | | | | ultimately answerable. |
| you begin making changes. The more quickly you | | | | Improvisational approaches - Jumping into Sarbanes |
| transition your business into long-term strategy | | | | Oxley compliance will simply not work. You need to |
| change, the better you're going to be able to control | | | | step back and plan how you're going to be |
| Sarbanes Oxley compliance issues. | | | | incorporating the structures and requirements of |
| There are a number of issues you can expect to | | | | Sarbanes Oxley into your daily work routines. And |
| impede this process: | | | | once a plan has been defined, you must follow the |
| Project mindset - Your managers will probably look at | | | | plan, and ensure everyone else is also following it. |
| Sarbanes Oxley compliance as a project with a clearly | | | | Underestimating the Impact to Technology - |
| definable endpoint. This is not at all the case. The | | | | Sarbanes Oxley would simply not have been possible |
| more quickly you can move to change their attitude, | | | | twenty years ago. Technology is critical for your |
| the more likely you'll have a clear and simple transition | | | | compliance with this act. You can expect to make |
| into the new way of doing business. You can use | | | | significant technology investments as you procede to |
| such items as continual education and newsletter | | | | implement Sarbanes Oxley compliance. Investments |
| updates as ways to show your managers that you | | | | will cover such things as sustainable compliance with |
| expect Sarbanes Oxley to change the way they do | | | | repository, work flow, and audit trail functionality. In |
| business forever. | | | | addition, your internal control monitoring and reporting |
| Manpower issues - Sarbanes Oxley compliance is not | | | | will depend heavily on technology. At some large |
| friendly to businesses who are trying to streamline | | | | corporations, it might be worth looking into hiring |
| their workforce. Though you may have to increase | | | | another full-time IT person who has been specifically |
| the size of your employee pool at the beginning of | | | | trained in implementing and maintaining Sarbanes |
| your Sarbanes Oxley compliance process, you can | | | | Oxley technological infrastructure. |
| expect this pool to decrease as you gradually fold | | | | Ignored Risks - Risk assessment is vital in Sarbanes |
| Sarbanes Oxley compliance methodologies into your | | | | Oxley compliance. One of the first meetings you |
| normal way of doing business. | | | | should have as you implement Sarbanes Oxley |
| Poorly-defined roles in internal control - if you don't | | | | compliance is one on risk management. Inadequately |
| clearly lay out responsibilities such as auditing, | | | | assessing risk can lead to serious financial reporting |
| accountability, and project management, your | | | | errors that can render your investment in training and |
| Sarbanes Oxley compliance]tasks are going to be | | | | compliance useless. |