Some shameless self-promotion today: I have a guest post on Workiva’s blog about financial reporting and SOX compliance, exploring a few best practices in how companies can design and operate certification programs for SOX controls.
Getting control owners to certify the effectiveness of those controls is not a new idea, I know. (I first wrote about them in 2004.) Still, the mechanics of how you run a SOX certification program can change with time and technology. I attended an excellent session on this subject at Workiva’s TEC 2016 conference last month, and that led to my guest column on Workiva’s blog, passing along some of the best tips I heard there.
I won’t give away the whole story here; you can jump over to Workiva’s blog and read all the details. Suffice to say, the main themes are the need to maintain version control as all your certifications flit back and forth; and the need to manage who can certify the effectiveness of what control, in which order. (Plus other pearls of wisdom, too.)