BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Sarbanes-Oxley compliance may spur ERM: Study


NEW YORK—Although risk management is thoroughly integrated into the Sarbanes-Oxley Section 404 compliance process at some companies, most risk managers are not actively involved in compliance activities outside their own department, a new survey has found.

Risk managers at companies that have integrated the risk management function into Section 404 compliance, however, have experienced material benefits, according to a new Advisen Ltd. report that was made available to Advisen subscribers today.

In addition, Section 404, which requires companies to establish and maintain an "adequate internal control structure and procedures for financial reporting," has served as a catalyst to the formation of a number of enterprise risk management programs, the survey found.

Advisen surveyed 302 risk managers mainly from public firms and some private firms that have chosen to adopt Sarbanes-Oxley standards for its report.

Of those risk managers who said their companies had a team or committee overseeing Section 404 compliance, only 23% said that the risk management department was represented, the survey said. In addition, only 18.5% said the risk management department had a role in auditing, monitoring or collecting information for Section 404 compliance from other units of the company.

Despite the overall lack of involvement, 50.2% of the risk managers said their department is adequately involved in Section 404 compliance activities, the survey said. A number of respondents expressed the opinion that there is a clear distinction between the requirements of Section 404 and the roles of the risk management department, Advisen said in its report.

Risk managers who have taken an active role in Section 404 compliance activities, however, report that the impact has been significant both in terms of the influence of the risk management department on the design and implementation of a program, and also in raising the visibility and influence of the risk management department within the organization.

One area where Section 404 compliance has made a material difference in the risk management process and the role of risk managers, the survey found, is enterprise risk management.

Of the 45.3% of respondents who said their company had or planned to have a formalized enterprise risk management program, 24.1% said it was motivated by Section 404 compliance requirements.

Copies of "SOX Appeal: Sarbanes-Oxley Section 404 Compliance and the Risk Management Department" are available to Advisen subscribers at no charge. Nonsubscribers can purchase the report for $25 by calling Advisen at 212-897-4800.