With governmental regulations for compliance becoming all the more rigorous,
C-level executives are finding themselves between a rock and a hard place regarding
controlling costs and satisfying these more rigorous compliance demands. At
the same time, external auditors are getting more sophisticated in their investigations
of compliance - delving deeper into organizations' controls.
The situation can be likened to Edgar Allan Poe's short story, "The Pit
and the Pendulum." Every year, the audits get more onerous. The "blade"
of the auditors cuts deeper.
The ongoing economic crisis presents a whole other challenge. Companies are
strapped and trying to do more with fewer resources. Increasing scrutiny, coupled
with less budget - and, in general, less liquidity for devoting dollars to compliance
- presents a dire picture.
Yet, difficult times such as these offer organizations of all sizes the opportunity
to reflect on ways for driving process improvements, innovation and ultimately
competitive advantage. What if the appropriate C-level executives and their
organizations could automate repetitive tasks and free up their people to do
more strategic activities?
It's happening now through powerful second generation Governance, Risk and
Compliance (GRC) technology. This technology brings a laser focus to compliance
automation, which reduces the cost and hassle of demonstrating compliance, and
converts active compliance and auditing into value-added initiatives for business.
Honing Compliance and Business Processes
When Sarbanes-Oxley (SOX) was first passed, the main focus was Segregation of
Duties (SOD) to a very granular level. The time, energy and resources devoted
to internal audit and supporting the external audit saw no limits.
Today, organizations are being asked to provide results they didn't have to
in the past, yet with fewer resources. Companies are thinking long and hard
about how they can provide the same level of compliance reporting within a finite
budget.
Concurrently, companies and auditors alike are realizing that well-managed
and well-controlled systems extend beyond SOD to a number of IT processes. Companies
have a genuine interest in soundly managed IT and financial systems - not only
for compliance, but also for safeguarding investors and mitigating risks, such
as fraud, theft of data, system failures due to lack of controls, and catastrophic
outages.
1
Print this article
Email this article
Talk Back!
Write to Editor
