Something to Consider August 2019 2
Are Your SOX Controls Genuinely Effective?
What does being burgled have to do with internal controls? Well more than you might think according to an interesting blog post by Norman Marks on SOX Controls Testing.
He argues that just because your home hasn’t been burgled (thus far) does not mean you closed all the windows and locked the doors and left your house secure.
He says the same principle can be applied to controls. A lack of evidence of bad things happening does not mean your defences (risk management) is working. This is an old and commonly misunderstood principle of risk management, but it’s all the more exacerbated by adding more tools or technology that can be used to mask ugly underlying issues.
What do these newer technology tools ACTUALLY do? They provide some level of assurance that the data, and possibly the transactions, are free from error.
But do they provide any assurance that the internal controls are effective?
Enjoy our article of the week from Norman Marks on ensuring that we aren’t fooled into thinking that by having efficient data, that this is the same as having an effective set of controls. You can find it here.
Our ‘Something To Consider’ snippets are framed as small, digestible, ‘dashes of insight’ around the pillars of what we define as “World Class Finance” – Process Optimization, Financial Control and Compliance, and Risk Assurance, all underpinned by technology enablement and integration.