Characteristics of SOX Compliance Leaders

A new KPMG report on Sarbanes-Oxley compliance progress sounds a bit ho-hum -- and that's a good thing. The report's primary insight is that the majority of companies have shifted from a "get it done" compliance mentality to a "make it business as usual."

The report's executive summary contains several interesting nuggets. The first is an interesting metric -- "deficiency rate" -- used to gauge compliance effectiveness. The firm defines efficiency rate as compliance deficiencies divided by the number of controls tested. Leading companies boast a deficiency rate of less than 1 percent, according to KPMG.

Compliance leaders also:
• Test more controls with fewer resources;
• Use a higher percentage of automated controls than compliance "middle-of-the-packers"; and (interestingly)
• Perform more testing in the first quarter of the year compared to middle-of-the-packers, which tend to perform more testing later in the year.