Sarbanes-Oxley, section 404: from project to practice ... to best practice; in the governance and compliance arena, transitioning from 'best' to 'required' may occur faster than ever. Industry thought leaders advocate such an approach, and a number of companies have begun to set the bar.

• Author: Kola, Vani
• Position: Compliance

Most companies today are conducting substantial--even massive--projects around Sarbanes-Oxley Section 404 requirements. There is a growing need, however, to transform that initial project effort into sustainable practice as companies realize that the "deadline" isn't the finish line. In fact, for shareholders and even for customers, the filing deadline is the start line, as it marks the beginning of expectations for complete, effective internal controls and transparency for management and board of directors.

In developing a roadmap to transform the project effort into ongoing practice to meet Securities and Exchange (SEC) requirements, executives and boards are carefully evaluating how they can elevate their practices to best practices that exceed shareholder expectations and provide competitive advantage. Some companies are even including customer perception and benefit in their plans and strategies. The consistent theme driving these strategies is a "tone at the top" that aspires to higher standards of both ethics and performance.

As is often the case, industry best practices ultimately become standard requirements. The early practitioners of best practices realize significant benefits and advantage while "forced followers" pay a higher premium for adopting the practice and enjoy lower returns because they must invest merely to break even. In the corporate governance and compliance arena, the transition from "best" to "required" may occur faster than ever. A variety of industry thought leaders already advocate such an approach, and a number of companies have begun to set the bar.

Companies approach compliance with different attitudes and goals. These include a project approach with the notion of a start- and stop- date; a sustained practice approach, involving continuing, consistent behavior; and a best practice approach, taking the highest ethical ground and striving for business benefit.

* The project approach can be characterized by:

Managed by a SWAT team Hunting and gathering exercise Change agents

This is a doable, but unsustainable and potentially untestable, approach to Section 404 compliance. It concentrates responsibility for compliance in the hands of a few, and is often typified by retention of outside consultants who take the process knowledge with them when they leave the company.

* The practice approach can be characterized by:

Standard operating procedure Consistent behaviors Routine monitoring

This is a repeatable approach and a necessary pre-cursor to auditor testing. Responsibility for control ownership, documentation and assessment are distributed; with that, comes...