After exhausting significant amounts of time and money towards the first year of Sarbanes-Oxley compliance, retailers and consumer products manufacturers (R&C companies) should consider taking a more risk-based top-down approach to compliance to increase efficiencies, eliminate unnecessary work and reduce costs, according to a recent PricewaterhouseCoopers whitepaper.
“Leading Strategies: Streamlining Sarbanes-Oxley Compliance for Retail & Consumer Companies,” offers strategies to help R&C companies create sustainable compliance efforts, that, in the end, will save considerable time and money.
The paper offers three strategies that R&C companies can utilize to lessen the financial and personnel strain of Sarbanes-Oxley: strong leadership accompanied by a comprehensive plan and focused communication; re-scoping and reassessment of key controls and processes; and redesigning and streamlining testing processes.
“Year two of Sarbanes-Oxley presents a unique opportunity for R&C companies to improve their compliance efforts before processes become too ingrained to change,” said John Maxwell, partner and U.S. Retail & Consumer practice leader for PricewaterhouseCoopers LLP. “The companies that build well-thought-out and sustainable Sarbanes-Oxley compliance programs will eliminate unnecessary work, resulting in significant cost savings and improved business processes.”
Getting the House in Order
With the right messaging from the top, effective communication throughout the company, strong project management, and a solidified organizational structure to ensure that the right people own responsibility for controls and compliance, companies are becoming more effective in their approach to Sarbanes-Oxley compliance.
R&C companies that are realizing cost-effective compliance success in year two share several organizational characteristics:
— Strong executive leadership that communicates Sarbanes-Oxley priorities clearly and consistently throughout the organization.
— A well-defined compliance office with clear responsibilities, dedicated resources and a model that integrates the overall compliance process among the various functions involved such as finance, IT and operations.
— Strong project management that encompasses everything from scoping, documenting, testing, evaluating and reporting to establishing processes that align with Section 404 and Section 302 efforts and effectively remediate deficiencies.
Re-Scoping and Reassessing Key Controls and Processes
To gain efficiencies, companies are taking steps to ensure that they are relying on the right controls — identifying and testing only those that achieve control objectives and relevant financial statement assertions.
By taking a strategic, well-planned and documented approach to compliance, R&C companies can gain efficiencies and reduce the number of controls to be tested. Using a risk-based approach, companies are mapping key controls to financial statement assertions related to the significant financial statement accounts, using standardization strategies, and exploring higher-level or different types of controls within the organization.
Companies should seek to harmonize their approach by identifying the best mix of controls (i.e., manual vs. automated; preventive vs. detective; higher-level vs. transaction-level) that will most effectively and efficiently provide adequate comfort on the significant financial statement accounts and related financial statement assertions.
Redesigning and Streamlining Testing Processes
Once R&C companies have completed their re-scoping exercise and identified the appropriate key controls, many will have significantly reduced the number of controls they will need to test. To reduce the cost and overhead of testing, R&C companies also are employing strategies in year two that were not possible in year one, including more upfront and ongoing coordination with external auditors.
To further streamline the testing processes, many companies are leveraging internal testing, prioritizing the testing of controls, aligning Section 404 and Section 302 documentation and testing efforts and standardizing testing plans and templates. By working smarter this time around, companies are enabling their external auditors to rely upon as much of their internal work as possible.
By communicating timely and consistently within the organization and with external auditors, R&C companies are pinpointing problems sooner, identifying areas where processes can be streamlined while avoiding surprises at the eleventh hour.
“Building a sustainable Sarbanes-Oxley compliance program requires companies to be committed and proactive in their approach by making it part of their daily business practices,” said Maxwell. “The three core strategies discussed in this paper should help enable companies to succeed in year two of Sarbanes-Oxley compliance and perform even better in years to come.”
For more information on “Leading Strategies: Streamlining Sarbanes-Oxley Compliance for Retail & Consumer Companies” please go to: www.pwc.com/retail.
Or, for a copy of the executive summary please contact: email@example.com.
PricewaterhouseCoopers (www.pwc.com) provides industry-focused assurance, tax and advisory services to build public trust and enhance value for its clients and their stakeholders. More than 130,000 people in 148 countries work collaboratively using connected thinking to develop fresh perspectives and practical advice.
“PricewaterhouseCoopers” refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.
(C) 2005 PricewaterhouseCoopers. All rights reserved.