Risk managers can play an important role in complying with the corporate disclosures required by the federal Sarbanes-Oxley Act, though few do today, according to a recent survey of insurance buyers.
Indeed, firms involving risk management in the SOX compliance process under the Public Company Accounting Reform and Investor Protection Act receive great benefits, according to a report written by David Bradford, editor-in-chief for Advisen, a New York-based consulting firm that frequently works with the Risk and Insurance Management Society.
Advisen asked 6,500 risk managers to take part in an online survey during the last week of July. Of the responses, 215 came from publicly held companies and 87 from nonpublic firms that comply with the internal control rules.
Almost 73 percent of the risk managers said their departments are not involved with the committee or teams overseeing Sarbanes-Oxley compliance. In fact, almost 74 percent do not play a role in auditing, monitoring or collecting data for compliance.
More than 50 percent of the risk managers are happy with that situation. Interestingly, 24 percent said implementation of enterprise risk management was spurred by SOX compliance requirements.
Mr. Bradford wrote that the role of the risk manager in Sarbanes-Oxley compliance remains an “evolving story” as federal regulators still work to clarify requirements.
However, he said, “based on respondents’ comments, risk managers of those companies that have most thoroughly integrated the risk management function into the Section 404 compliance process are experiencing material benefits.”
Section 404 of Sarbanes-Oxley mandates the assessment of internal controls by the company. The company’s auditor is required to attest to, and report on, the assessment.