New Horizons: Enterprise-Wide Compliance: A Better Way to Manage Regulatory Demands

Article excerpt

EXECUTIVE SUMMARY

* COMPLYING WITH SARBANES-OXLEY HAS LED many companies to search for a better way to manage all the regulatory demands they face. Some are doing so on an enterprise-wide basis by coordinating and integrating compliance into all facets of their business.

* COMPANIES NEED A FRAMEWORK TO HELP them manage their enterprise-wide efforts to comply with applicable laws, regulations and industry standards. Frameworks have been developed by ISO and COSO, or companies may find it appropriate to develop their own.

* CROSS-FUNCTIONAL COMMITTEES CAN HELP companies integrate compliance into day-to-day work and handle issues such as whistleblowing, code-of-conduct oversight and recurring regulatory compliance.

* MANY COMPANIES SEE ENTERPRISE-WIDE COMPLIANCE as an opportunity to enhance productivity, develop more effective processes, lower transaction costs and optimize controls. It also makes organizations less dependent on individual knowledge as processes are documented well enough for new employees to learn and implement.

* CPAs PLAY AN INTEGRAL ROLE IN THE COMPLIANCE process. Most compliance activities have financial implications and accountants will need to be involved in any effort to streamline or otherwise modify them.

**********

Let's face it. Compliance with the Sarbanes-Oxley Act isn't a one-shot deal. With companies expected to spend $80 billion on compliance initiatives in the next five years, CPAs and other financial executives face ongoing regulatory pressure. Some days it must seem they are navigating a strange sort of alphabet soup thanks to rules from the SEC, the IRS, NYSE and FASB, not to mention laws and standards popularly know as Basel II, HIPAA and SOX. Because so many of these regulations involve a company's financial activities, CPAs are uniquely positioned to take a lead role in developing a comprehensive approach to corn plying with them.

It is the latest of these laws--Sarbanes-Oxley--that has been a catalyst for many companies to search for a better way to manage these demands. Some entities have begun doing so on an enterprise-wide basis by coordinating and integrating compliance into all facets of the business, not only to streamline the process but also to improve operational efficiency and manage the company better. In many cases it is the sheer scope and breadth of Sarbanes-Oxley that is driving the effort.

Because Sarbanes-Oxley compliance usually centers on accounting and finance, CPAs are critical to a company's development of an enterprise-wide compliance approach. This article explains how this strategy works and what forms it can take, the role CPAs can play in implementing it and what goals it can help companies achieve.

COMPLYING COMPANY-WIDE

Enterprise-wide compliance requires an overarching framework for managing efforts to comply with the laws, regulations and industry standards that apply to a company. Some companies use frameworks developed by groups formed specifically for this purpose while others rely on existing frameworks, such as the one the International Organization for Standardization (ISO) developed for continuous process improvement or the Committee of Sponsoring Organizations of the Treadway Commission (COSO) frameworks. (See "Resources," page 79.) The exact approach a company takes to enterprise-wide compliance will vary according to its needs and the rules it must follow. CPAs interested in taking a lead role in enterprise-wide compliance can begin by studying these frameworks to see whether their company can adapt one of them to meet its needs or whether the entity should develop its own framework.

From there, CPAs should identify the compliance areas a more consistent enterprise-wide approach can satisfy and what that approach should look like. CPAs can help companies refine the experience of complying with section 404 of Sarbanes-Oxley as the foundation of an enterprise-wide framework. …