| Sarbanes Oxley compliance is not a one-day, a | | | | needlessly complicated. You should also make it very |
| one-month, or even a one-year project; instead, | | | | clear whose roles it will be to see to the Sarbanes |
| Sarbanes Oxley compliance should be built into your | | | | Oxley rollout and to whom these people will be |
| corporate infrastructure as early as possible when you | | | | ultimately answerable. |
| begin making changes. The more quickly you transition | | | | Improvisational approaches - Jumping into Sarbanes |
| your business into long-term strategy change, the | | | | Oxley compliance will simply not work. You need to |
| better you're going to be able to control Sarbanes | | | | step back and plan how you're going to be |
| Oxley compliance issues. | | | | incorporating the structures and requirements of |
| There are a number of issues you can expect to | | | | Sarbanes Oxley into your daily work routines. And |
| impede this process: | | | | once a plan has been defined, you must follow the |
| Project mindset - Your managers will probably look at | | | | plan, and ensure everyone else is also following it. |
| Sarbanes Oxley compliance as a project with a | | | | Underestimating the Impact to Technology - Sarbanes |
| clearly definable endpoint. This is not at all the case. | | | | Oxley would simply not have been possible twenty |
| The more quickly you can move to change their | | | | years ago. Technology is critical for your compliance |
| attitude, the more likely you'll have a clear and simple | | | | with this act. You can expect to make significant |
| transition into the new way of doing business. You can | | | | technology investments as you procede to implement |
| use such items as continual education and newsletter | | | | Sarbanes Oxley compliance. Investments will cover |
| updates as ways to show your managers that you | | | | such things as sustainable compliance with repository, |
| expect Sarbanes Oxley to change the way they do | | | | work flow, and audit trail functionality. In addition, your |
| business forever. | | | | internal control monitoring and reporting will depend |
| Manpower issues - Sarbanes Oxley compliance is not | | | | heavily on technology. At some large corporations, it |
| friendly to businesses who are trying to streamline their | | | | might be worth looking into hiring another full-time IT |
| workforce. Though you may have to increase the size | | | | person who has been specifically trained in |
| of your employee pool at the beginning of your | | | | implementing and maintaining Sarbanes Oxley |
| Sarbanes Oxley compliance process, you can expect | | | | technological infrastructure. |
| this pool to decrease as you gradually fold Sarbanes | | | | Ignored Risks - Risk assessment is vital in Sarbanes |
| Oxley compliance methodologies into your normal way | | | | Oxley compliance. One of the first meetings you |
| of doing business. | | | | should have as you implement Sarbanes Oxley |
| Poorly-defined roles in internal control - if you don't | | | | compliance is one on risk management. Inadequately |
| clearly lay out responsibilities such as auditing, | | | | assessing risk can lead to serious financial reporting |
| accountability, and project management, your | | | | errors that can render your investment in training and |
| Sarbanes Oxley compliance]tasks are going to be | | | | compliance useless. |