Opportunity knocks in dealing with SOX

HOPES WERE HIGH when the Sarbanes-Oxley Act became law in 2002 that the measure—designed to ensure proper internal controls and financial reporting—would allow risk managers to raise their profile by getting involved in the compliance process.

But as we report on page 1, a recent survey indicates that most risk managers haven't gotten involved in SOX Section 404 compliance-related activities, which many observers see as a possible springboard to creating an effective enterprise risk management program.

While the linkage between SOX and ERM may not always be readily evident in all organizations, we believe more risk managers should at least examine whether SOX presents an opportunity to promote their professional discipline.

After all, any opportunity to enhance risk management's standing within an enterprise deserves consideration, and SOX compliance work is no exception.

We know that some risk managers may discover that there is no upside for them or their departments in getting involved in the compliance processes. Nevertheless, making the effort to see whether there is a role for risk management in the process is worth some consideration. You cannot seize an opportunity until you've determined whether one actually exists.