Sarbanes Oxley defines the way in which internal controls are monitored in an organization. As I look back at the companies I have helped in getting SOX compliant, I am beginning to see a trend in the way in which the controls are evolving. Companies are moving from a traditional approach to controls to a more modern risk based approach. I have put together a list of differences between the mordern approach towards controls complaince and the traditional approach. You can call these approaches as Pre Sarbanes OXley and Post Sarbanes Oxley approaches.

Static Vs. Dynamic - Old approaches to controls compliance were project oriented, whereas mordern approaches are more action oriented and call for immediate action to ensure internal controls compliance.

Independent Vs Dependent - Controls were looked in isolation of the business process pre sarbanes oxley. Today, SOX calls for a approach where the controls are assessed alongwith the flow of business and financial information.

Controls Ownership - Pre SOX, controls were mainly a function of the complaince group in an organization which would be internal audit. SOX looks at the business owners for controls complaince and makes the business process owners responsbile for controls compliance.

Compliance Vs Process improvement - Controls previously were looked at as a means to just comply with regulations. Though SOX is a law which companies need to comply with, the SOX approach makes organizations look at way to improve business processes and make process improvements.

Manual Vs Automated - Traditional control towards was dependent upon manual controls. The mordern approach stresses on automated controls in system. Reliance is more on preventive automated controls rather than detective post facto controls.

Related Posts

Total Cost of Internal Controls
Evaluating Disclosure Controls & Procedures
Cost Benefit Analysis Before Implementing Controls
IT Governance for Sarbanes Oxley