The advice Ecora Software's Brian Cote offers in the Sarbanes-Oxley Compliance Journal isn't anything we haven't heard before, but it's good advice that bears repeating.
In a nutshell, he says most companies that fail Sarbanes-Oxley audits do so because their approach to compliance is reactive and event-driven. On the other hand, successful companies are those that approach compliance strategically -- as a sustainable, integrated business process.
He then lists several concepts that are key to sustainable compliance. They include:
- automation, which increases consistency and preparedness by removing the "human element" from the process.
- periodic evaluation/self-assessment, which raises awareness when changed requirements make adjustments necessary.
- understanding "the relationship between IT and overall business requirements" so that the two remain on the same page.
- practicality, which enables companies to manage compliance satisfactorily without sacrificing other needs of the business. In other words, "an A is great, but sometimes a C is enough."
- approaching compliance as an opportunity, both in terms of optimizing the effectiveness and efficiency of technology and in maintaining open communication with the audit team.