Even if your company is not required by law to comply with Sarbanes-Oxley, it’s a great business yardstick to employ in uncovering and improving upon your Enterprise Resource Planning (ERP) system’s flat sides. In today’s fast-paced business environment, it’s valuable to note that being aware of weaknesses inside your organization is every bit as important as knowing its strengths.

By the very essence of the Sarbox initiative in this country, there is keen insight for businesses showing that while exploiting strengths may get companies ahead, knowing weaknesses will keep them out of trouble.

Initiating Sarbox compliance can provide a significant barometer, because the heart of what Sarbox is about focuses on establishing good business practices and ensuring proper controls are in place to highlight potential issues. Even with firms as small as 100 people, having the proper business controls in place allow a company to know where its weak spots reside. Perhaps a company may not choose to act on an exposed ERP flat side immediately but having it illuminated, however, gives opportunity to monitor the situation, and offers a decided advantage in being able to make better decisions moving forward.

Often, small to medium companies truly are not aware of what their Enterprise Resource Planning (ERP) systems can do — or they conversely have a false sense of security that their ERP is structured to prove Sarbox compliance. An ERP system may tout workflow, for instance, but the information isn’t recorded for posterity or the company actually couldn’t produce proof of compliance. It’s less of an issue with today’s improved software, as improved architecture makes for easier tracking, but nevertheless still is an issue to consider.

Sometimes small to medium businesses believe they are too small to be concerned with the types of controls that Sarbox compliance can bring forth. They are apprehensive that staff may consider such controls as "mistrust." As IT departments are so intricately entwined in almost every company, for example, an internal controls assessment can automatically become an IT audit as well. In truth, having well-thought-out internal controls is simply is good business practice for any company, regardless of size.