SOX Compliance Challenge as Big as Ever
January 13, 2009
Two recent discussions reminded me that Sarbanes-Oxley compliance continues to prevent many companies from launching or successfully executing broader GRC initiatives that promise greater returns than “avoiding non-compliance.”
The first “ah-ha” took place while I was interviewing Dun & Bradstreet Chief Risk Officer Charles Pavlonis about his company's impressive enterprise risk management (ERM) initiative.
At the end of our chat, as we were hashing over some of the reasons behind the success of the program, Pavlonis exclaimed, “Wait a minute — this is really important!” He then said that ERM success hinges on “getting SOX compliance to be something that is not disruptive, that is almost embedded in the core DNA of the company.”
When I asked him why, he explained, “Companies that are still struggling year-to-year with SOX compliance are enduring a distraction that doesn't allow them to free resources to conduct the other risk assessments that you need for ERM.”
The second discussion took place during the Q&A session following a Business Finance Webcast in which I participated recently. As a participant, you can see the questions that audience members (in this case, nearly 300 folks) type in as the presentation progresses. It struck me that a large number of the questions essentially boiled down to: “How can we tame our SOX efforts so that we can start GRC in earnest?”
This is a crucial question — and one that some GRC experts may be surprised to learn still needs attention.
One more thing/shameless shill: Look for my case study on D&B's ERM program. Pavlonis is definitely among the handful of elite finance (and GRC) executives with whom you would want to catch up at a conference.
On that note, Robert Half International has released its 2009 Salary Guide. I followed up with a few quick GRC-related questions to Paul McDonald, executive director of Robert Half Management Resources, and here's what he had to say:
What did the survey results reveal about the demand for GRC positions?
Demand remains steady, and companies often are willing to enhance their compensation packages to attract the best professionals.
What does your field experience tell you about the demand for GRC positions?
Firms will always need professionals who can help them to manage risk and comply with regulations. Demand for this expertise has risen since the implementation of Sarbanes-Oxley, and I don't see it subsiding soon. In fact, the need for professionals who can succeed in risk and compliance positions could grow in the coming years if the current economic situation leads to increased and tighter regulation.
What about the nature of GRC positions — is it changing in any way?
The profile of these positions has been elevated in recent years due to the economy, Sarbanes-Oxley, and the events that led to the enactment of Sarbanes-Oxley. Compensation for these positions also is on the rise, as companies find that they must step up to attract highly skilled talent in these areas.
So far, most experts I talk to are saying positive things about the demand for finance and accounting expertise and for GRC expertise during a down economy. Do you agree?
Demand for accounting and finance expertise, including governance, risk, and compliance, remains. These are core functions vital to a company's success. In any economy, firms will need to look for talented professionals who can fill these roles and ensure that the organization's risk and compliance needs are met.