How Quality Managers can support SOX implementation

Quality Managers working with a robust Quality Management System (QMS) can support the financial / accounting / auditing compliance organizations within their companies to meet the intent of Sarbanes-Oxley (SOX).

There are several approaches:

  1. Train the financial / accounting / auditing departments to reuse the basic ISO 9001 processes
  2. Train and deploy all ISO 9001 processes into the financial / accounting / auditing departments, as most ISO clauses map into the SOX COSO Components
  3. Extend the management system to cover all the business and financial risks and controls, covering both the financial / accounting / auditing departments and the key business processes up to the enterprise level
  4. Extend the management system to cover all the business and financial risks and controls, covering both the financial / accounting / auditing / Information Technology (IT) departments and the key business processes up to the enterprise level
  5. Redesign the management system to an Integrated Management System (IMS)
  6. Redesign the management system to include Enterprise Risk Management (ERM) systems

Managers and directors of quality management systems interested in their synergy with SOX and the financial / accounting / auditing compliance organizations within their companies need not look much farther than their own primary processes to find “connective tissue” and cost-saving opportunities in approach #1 above: reuse the basic ISO 9001 processes. The six required-as-documented ISO 9001:2000 Quality Management elements are the groundwork for many of the COSO internal controls referred to under the general heading of the “Control Environment.” These 6 elements, which represent a helping hand to the financial / accounting / auditing groups in their organization, are 4.2.2 Documentation, 8.2.2 Internal Audit, 8.3 Control of Non-Conforming Product, 8.5.2 Corrective Action, 4.2.4 Records, 8.5.3 Preventive Action, and 5.6 Management Review.

John Walz
