Who in Quality can support SOX implementation?
For the last three years, corporate America has invested over $30 billion in understanding and implementing the Security Exchange Commission (SEC) rules on Sarbanes-Oxley Act of 2002 (SOX). Most of the effort was in two sections: 302 and 404 which cover the company’s “internal controls”. SEC references internal controls to the 1992 COSO guidance report “Internal Controls – Integrated Framework”.
In an October 2003 article of Quality Progress magazine two ASQ members and contributors to the ISO standard, Sandy Liebesman and Paul Palmes proposed that ISO 9000 or ISO 14000 auditors are well equipped to lead a SOX compliance investigation. This assertion has been followed up with
- many presentations at ASQ conferences,
- Workshops,
- a Webinar,
- SOX Network,
- Sep2005 ASQ conference Beyond Compliance to Sarbanes-Oxley: Financial Benefits from Integrating Your Management Systems
where Sandy Liebesman, Paul Palmes, Donna Spencer, and myself were the program managers.
This blog will continue the dialog with quality practitioners and hopefully their company executives on how the quality practitioners can work with their finance and accounting peers to implement and assess their SOX compliance.
I believe these quality practitioners make up three parts of ASQ membership:
- Quality Managers,
- Quality Engineers, and
- Quality Auditors
Future blog entries will strive to serve these groups.
Comments
Congratulations on getting this Blog site up and running! I posted a brief reference to it on my Blog and entered it into my RSS feeds.
Posted by: Dennis Arter | November 2, 2005 12:01 PM
Members of the quality community no doubt feel they already have a lot on their plate. Between demands for research into new regulations, customer complaints, special training projects and new process work instructions most of us have little time to investigate, let alone apply ourselves to "one more regulation."
But this one is all the above, the "Granddaddy of them all," given its command of the time, attention and pocketbooks of top management throughout the world. What's at stake here is the attractiveness of our tools and processes to improve, define and control.
As SOX moves from a project for compliance to a program of continuous control and monitoring, those of us in the quality trenches will be asked to incorporate many these new control points into our activities. So, while it's a good idea that we be prepared, even better when we learn what's required and then take the first step toward integration.
If we in "quality" visit "finance" first with our plan for saving money through integration and reduction of duplicative effort, hopefully we can retain our identity and best assets.
Now ask yourself: Would those same assets be protected in your organization if finance were to visit you with their plan?
In the past 6 months, I've been asked by 2 Fortune 5oo companies to help them design an integrated SOX program - and neither invitation came from their quality departments.....
Posted by: Paul Palmes | November 3, 2005 06:53 AM
Hello John, Mark Kempf here. I'm going to monitor this blog, and add content as appropriate. As an update to the teleconference during our strategic planning meeting, we've petioned the Division Affairs Council (DAC) to change the name of our division from the Quality Audit Division to the ASQ Audit Division.
This change is more accurately reflective of our evolving membership.
The DAC approved the name change, and requested that it be added to the Board of Director' s meeting agenda for approval at the highest Society level.
I'll keep you informed.
Thanks John,
mark
Posted by: mark kempf | November 3, 2005 07:31 AM
I've a suggestion - can we restructure the main page to add a prominent button that reads "Post a Comment" or somethning to that effect?
I believe the power of a blog is in its ability to serve as an interraction tool for engaged subscribers. When I view the main page it's unnecessarily difficult to find an "entry point" to post a response. Any thoughts in this regard?
Posted by: Paul Palmes | November 8, 2005 09:26 PM
Hello John,
I was pleasantly surprised to see the notice for this blog as it fits in very well with my interests and current position. I am Director of Quality and was asked last year to lead our company's S-Ox Section 404 compliance effort. We used a Project Management approach in the effort and modelled our Financial Control system after many of the ISO components. This year we are applying Quality principles to understand and improve our business processes. I look forward to reading about work others are doing and sharing our own experiences here.
In particular, I wanted to ask if there are any proceedings available from the ASQ conference in September.
Best Regards,
Tom
Posted by: Tom McKnelly | November 22, 2005 11:56 AM
I'm looking for additional information on the SOX act and a better understanding. Is there any good source of information I can read as to implementation.
Posted by: Ernestine Patterson | November 23, 2005 04:48 PM
Ernestine,
Additional SOX information can be found on the ASQ SOX Community web page www.asq.org/communities/sarbanes-oxley
From there, ASQ has a one-day SOX workshop www.asq.org/courses/9001_sox.html
Posted by: John Walz | November 28, 2005 02:09 PM