SEC and Business Development 1897
VT last edited by
What major impacts does SOX have on marketing/business development efforts?
harrywaldron last edited by
Hi VT and welcome to the forums :)%0ASome of the major impacts include:%0A1. Financial controls are essential for design into the framework of new products, workflows and IT systems. %0A2. It’s better to plan for and design SOX related requirements into all new endeavors. This includes checks-and-balances, autonomy controls, change management, improved incident tracking, improved IT controls, etc.%0A3. If you’re replacing an older financial system, you must validate and certify the accuracy of all financial information as it moves into the new system data bases.%0A4. SOX may have some overhead on projects being developed. These requirements cannot be shortchanged and extra time should be planned to facilitate requirements. Hopefully, it will only have a 5-10% increase in overhead.%0A5. It’s beneficial to design an E-Library for SOX related documentation, as you have to retain up to 7 years history (use electronic approaches where possible for referenciabilty, backup, and for multiple authorized folks to view.%0A6. There’s probably a more active role in development by auditors, (although they should be invited to participate anyway)%0A7. IT security, change control, and change management will be more formalized on these major projects.
WrightLot last edited by
In my business the ideal answer is no major impact. Marketing is completely out of scope. Business development should not be impacted if they follow standard change management practice (and that is where the rubber hits the road as all too often project teams cut corners to meet deadlines and financial controls are the first to go).
Agree with all of the points above with the possible exception of ‘6’ but the word probable was used. Our Audit do not get involved and accountability lies with the process owners who will be part of the development team. That being said we have a SOX team separate from our Audit team and they will be consulted as each project develops to ensure that aby significant business development is and remains SOX compliant.
harrywaldron last edited by
Hi WL - Thanks for the good additional comments
With respect to #6, we’ve always found it beneficial to invite audit to the ‘takeoff’ on a project, rather than the ‘crash landing’ afterwards This was based on many years of prior experience where after a new IT system was implemented, Internal Audit would immediately audit these new applications and critique them.
As I helped design a corporate Project Management methodology, a review of IT and workflow controls by Audit were added as a step in the project life cycle. After a walk through of the proposed designs, workflows, and controls – their role was to approve or comment on the overall system controls. That step can help reduce post-implementation control concerns Audit might have.
In our IT area, we had a very close relationship with our auditors and benefited by designing it into the system, rather than retofitting afterwards. Still the role of Audit may vary based on scare resources, organizational culture, industry, and other factors.