It's difficult to believe that Sarbanes-Oxley (SOX) is nearly a decade old, considering the impact it has had on the way companies do business. Enacted in 2002, it was created as a response to the corporate malfeasance scandals involving such companies as Enron, WorldCom, and Tyco. Though its first few years involved a mad dash to implement and regulate control systems, many companies have now become so accustomed to the regulation requirements that they function almost as if they were on autopilot.
However, familiarity with SOX regulation and compliance control systems should not equal complacency. Yes, nine years of experience certainly provides a comfort level, but all of the functions within the company that are directly involved in compliance efforts -- finance, IT, operations and HR -- still need to be tested regularly on their knowledge of entity control systems, and it shouldn't stop there.
In looking ahead to the future of corporate governance, companies need to realize all departments throughout a company should develop a strong understanding of compliance practices; it can't be a discipline only practiced by the finance, HR and IT departments. It should permeate an organization so that all employees -- from the mailroom to the boardroom -- understand both the importance of a sound control environment and how they can individually contribute to it.
To most employees, compliance is an esoteric function only understood by a select few. They don't know what it is or how their day-to-day responsibilities fit into larger SOX efforts. Additionally, considering the complexity of the subject, it might seem difficult to make SOX compliance something that interests all employees. To help solve this problem, below are a few tactical suggestions on embedding compliance within your company:
- Start at the top. Compliance is often viewed as the CFO's responsibility, and quite rightly so since that position bears a great deal of the burden to ensure all information presented to the SEC adheres to SOX rules. Yet, it is, in fact, the board-level executives who need to set the example of how to be compliant and explain why it's so important. After all, these are the individuals who set the priorities and tone for the entire organization and therefore can best illustrate how compliance impacts the entire company.
- Tailor the message to the masses. For employees not directly involved in the finance function, it is less clear how their daily work impacts the company's financial compliance. Implementing educational work sessions, led together by the CFO and HR team, can help distill the information so employees better understand not only what compliance is, but also their role in achieving it. These sessions should be organized by department so the conversation is customized to the responsibilities of that group and both the CFO and head of HR can discuss what compliance means to their function.
- Make it collaborative. Once employees have been educated, it's important to make every employee feel as though he or she is contributing to compliance efforts. Creating task forces within the company that include a cross section of representatives from different levels and departments gives employees a forum to voice their feedback on compliance shortfalls within the company and areas for improvement. Have these task forces meet on a regular basis to develop recommendations for how compliance can be better integrated throughout the organization, and then make sure senior leadership is present to hear those recommendations.
Remember, most employees are already stretched thin with their current workload, so be sure to incentivize task force participants through perks like additional pay or time off.
- Gather feedback. Employees feel valued when they believe their opinions are valued. Explore developing a channel for employees to share both their questions and opinions about compliance, such as through an online survey. This will allow employees to easily share their thoughts in a private and anonymous way, making it more likely they'll actually participate and provide honest input. Report the feedback broadly through internal channels (e.g., company newsletters, intranet, or companywide email) and then detail what senior management will do with the information.
- Measure progress. Whether the goal is to increase awareness of a company's corporate governance practices or implement departmental checks and balances for SOX compliance, it's important the company measures its progress. You can't manage what you can't measure, so set benchmarks for success when developing your overall plan for working with employees. Measurement techniques can include an annual mandatory compliance quiz where all employees must attain a certain score, formal tracking of the effectiveness of ideas developed by the task forces, or creating incentive-based compensation tied to achieving compliance milestones.
Sarbanes-Oxley is one of the most important pieces of legislation in corporate history, and it has fundamentally impacted the way companies operate financially. But as we near its 10-year anniversary, it's time to think about the impact it can have beyond the employees most familiar with it. Corporate leadership should strive to demystify compliance and embed it into every level of every department in the company. Exposing all employees to the intricacies of compliance and control systems will broaden awareness of the issue and help identify compliance shortfalls within the organization -- making for a more financially responsible and ethical company.
Drew Reina is managing director of Accounting Principals.