Sarbanes Oxley Act and Risk Management

The Sarbanes Oxley Act (SOX in the USA) gets blamed for all sorts of controls inflicted upon projects. It has also been used by many business software providers as an excuse to sell their wares. However, the cost of this additional requirement on an organisation must have some return on investment.

If there is a specific SOX requirement for the way risk management is done in that organisation (I'm not convinced there is, though some claim that is so) then that should be followed. SOX is more about the avoidance of fraud. It does require that risk is assessed, that risks for specific large undertakings (investments, portfolios, large projects, programmes) are modelled, and that good controls (mainly financial) are in place.

In projects, risks are wider than financial ones, but an organisation-wide recognition of risk management will make it easier to talk about the process.

The focus on SOX compliance has allowed the implementation of reporting in a consistent way in some organisations. This allows consolidation of risk reporting (especially with financial measures) across projects to see organisation-level exposure: a potentially useful board tool in difficult economic climates.


About 3triangles
Helping organisations make change happen in 3 key areas: strategic change, deliver tactical impacts, efficient and effective processes. All blog content (c) 2009 - 2012 Carol Long and Three Triangles Performance Ltd
