Five years after the Sarbanes-Oxley Act became law, many companies are still struggling to meet regulatory compliance requirements. Public companies have spent billions of dollars in efforts to comply with new government regulations. This year alone, according to AMR Research, companies will spend $6bn on technology products for compliance.
There is at least some relief in sight, though. Thanks to the recent changes to SOX, companies and auditors alike now have more flexibility to reassess and even redesign existing compliance practices. It's an opportunity to ease the burden, according to compliance gurus, by taking a risk-based approach.
Taking a risk-based approach involves determining which aspects of a business need to be included in an audit versus just trying to find everything that could possibly go wrong and including it in SOX controls.
Source: BPM Today, http://www.bpm-today.com