Going Once, Going Twice...
I really hope you aren't still complaining about the gyrations AS2 causes.
While it has been the law of the Sarbanes Oxley landscape for the last several years, the last two months have given all SOX professionals and managers at publicly traded companies alike the opportunity to review and weigh in on a more effective way to live with this much needed discipline.
With the comment period closed, the considerable task of pondering everyone's feedback falls to the SEC and PCAOB. It is interesting to review some of the feedback provided (i.e. FEI comments), and consider the many aspects of this regulation that must be weighed and balanced.
We've seen considerable changes in the last year, targeting refinement for small business - just in time, as it were. As I personally work with small business clients, I'm struck by the tremendous amount of work that needs to be done in an "offensive" sense, in as much that SOX compliance is about preparing the landscape from a "defensive" perspective. So much of the traditional SOX implementation requires focus on "ensuring that things are done right" that businesses still aren't necessarily reviewing their process to ensure that they are "doing the right thing."
I have found the proposed guidance from SEC and PCAOB (AS5) to increase the value of tools that let management guide their business. Looking back on the COSO framework (and COSO SB guidance), the intent is to begin with management Objectives, and then manage risks from this perspective. The objective perspective puts the relative risks of different processes in a very different light than the bottom-up scrutiny that gets enforced and regularly monitored on AP clerks' desks.
I am particularly heartened by the following attributes that I think will make SOX work more valuable to the company:
- Increased emphasis on Entity Level Controls. I hope to see more companies pulling their human capital management practices (both HR and employee development and training) more fully into the fold. So many deficiencies arise from people that have had inadequate training to perform the tasks they now own.
- Acknowledgement of the Detective Strength of Management Reporting. If you've ever worked closely with a sales division, you understand how closely operational managers can dissect a financial statement. When operational managers are held accountable for variances to budget, we see the merger of COSO's operational and financial aspects being reconciled by persons that truly understand the business.
- Risk Adjusted Control Monitoring (increased reliance on Self Assessment). Acknowledging the controls in all company processes has merit, but testing them all is ludicrous. The opportunity for rotation testing serves auditors and management alike with reduced cost in lower-risk areas. For companies not yet using a self assessment process, prepare to be amazed at how rapidly control owners edit their language and step up their ownership. There is nothing so powerful as creating visibility from the executive ranks to the front lines to ensure that appropriate business practices are being executed.
Help Wanted: A Call for Peer Network
As a consultant interested in participating in challenging projects while working with great people, it seems that, as independents, we have the contacts or the opportunities, but not always the right network of professionals with the necessary availability to deliver the specific details of a project. I want to make an effort to remedy this challenge.
I am keen on making contacts with independents that are interested in developing an informal relationship with other specialists in this space to share work in challenging projects. Given the wealth of areas for specialization in the risk and control field, I am interested in cultivating relationships with professionals interested in project work, or looking for assistance in efforts that have lined up.
I would love to hear from folks interested in expanding their network of professionals for possible project work in the future.
For those that have been reading Inside Sarbanes Oxley since it launched in the fall of 2004, I hope we've done a good job of keeping you informed of emerging issues and developments around the regulatory impact of Sarbanes Oxley. You will recognize that we've not done much in the way of connecting with readers and practitioners within this community, because so many professionals have been buried beneath the chore of just getting projects across the finish line. I now want to reach out, making connections with people that are still grooving on this work after a few implementations.
As Publisher of Inside Sarbanes Oxley and a risk and controls consultant, I continue to thrive on this work. I love the opportunities that come with a new engagement and control environment implementation, and seeing the dramatic changes that occur within an organization in a period as short as a few months. I also appreciate the new opportunities for learning that come from working with new people, and drawing new insights from their experiences.
As the breadth of the on-going compliance requirements continues to be hashed out, it occurs to me that full implementations (risk assessment through year 1 testing) will continue to shrink. Obviously there are a few opportunities that remain, but the vast majority of work seems to already be shifting toward outsourced testing resources and internal control environment managers (solo artists asked to oversee the health over testing results and manage change into the documentation developed to-date).
I recognize that not everyone shares the risk tolerance of the independent consultant. I also recognize that not everyone is interested in engagements across the country or around the globe. That said, I welcome the opportunity to begin conversations that could lead to collaborative opportunities for the many of you running small (or individual) consultancies.
If gaining visibility to such a community would be of interest to you, please drop me a note at toby.lucich@insidesarbanesoxley.com, or connect to me at LinkedIn (http://www.linkedin.com/in/tobylucich). Note that connections via LinkedIn are public, so contact me at toby.lucich@insidesarbanesoxley.com for a more discreet point of contact.
I would welcome discussion about what you love to deliver to a client, the type of challenge you would love to land next, and upcoming availability or opportunities. I look forward to discussions of areas of expertise (i.e. projects managed, cycles documented, processes redesigned, industry experience) as well as your level of interest in future projects (regionally within the US or on a global basis).