Has risk management ever been more of a dominant issue for organizations than it is today? A string of devastating natural and man-made disasters worldwide coupled with continuing aftereffects of a global financial crisis have placed companies in the spotlight of shareholders, governments and the public, all of whom want assurances that companies understand and are managing their risks effectively.

These issues are just the latest in a decade-long movement to enhance risk management in public companies, a trend that began in 2002 with the passage of the Sarbanes-Oxley Act (SOX). That legislation placed new requirements on companies to establish strong and sound internal control over financial reporting. Not only did it require management to report on the effectiveness of these controls, it also required attestation by the company's external auditor. For management and the board of directors at publicly held organizations, a new level of risk management and internal control was required to address financial reporting risk and remains so nine years later.

So where does SOX compliance stand today? Protiviti recently surveyed more than 400 finance leaders to find out. Overall, the results of the firm's annual Sarbanes-Oxley Compliance Survey reveal the news is becoming better for many organizations as their compliance efforts mature.