+49 69 75 93 72 43

SOX: Misconceptions and how to successfully implement SOX

In the second episode about SOX, Janet Winkler, CEO of FAE Consulting GmbH, and Judith Geiß, owner of the Bridge ∙ Consulting & Training e.K., will talk about SOX and give us some deeper insights into their experience with SOX in Judith Geiß’s podcast “Übernahme als Chance” – “Takeover as a chance”. The second episode corrects some misconceptions about the Sarbanes-Oxley Act and offers some recommendations for its implementation.

Misconception 1: Once SOX is implemented, you do not have to do anything else.

At the beginning, the SOX implementation will be a huge challenge for your company and your employees. Through the project, you will need to design controls suitable to your company and fulfilling all SOX requirements. You and your employees will need to complete all tasks towards the set goals. However, once you have implemented SOX, you might think that everything is done and over and you can turn your attention on more important matters.

As mentioned in the first article on SOX, even during the implementation of SOX, it is recommended that you should always focus on your core business. After implementation you must keep up the good practices, prepare your financial information on time and test and revise your controls and processes annually.

Ask yourself if the current SOX procedures still suit your company and if you are still doing all the tasks as per SOX requirements. If not, we recommend you adjust your processes and controls to the current situation of your company, roll out and test them with your employees and update your documentation.


Recurring tasks in the 1 year of SOX implementation

Source: The Bridge ∙ Consulting & Training e.K.

Misconception 2: SOX is relevant only to the finance department.

Even if SOX focuses on the financial information about the company, it is not only relevant for the finance department, but for all departments. Every process and department involved in generating and spending the company’s cashflow is relevant to SOX.

How to successfully implement SOX: recommendations for the first two stages

Control Self-Assessment

Remember that you don’t always have to start from scratch. In the control self-assessment stage, you assess your existing management and controlling processes. If you have ISO certificates in Germany, you already have some good controls in place that might comply with the SOX requirements. If your company is bought by an American corporation and your parent company has implemented SOX, then it is also smart to borrow the processes from them or to at least learn from their experience.

We recommend you involve your employees in the process by giving them the opportunity to evaluate the existing processes. They have an incredible amount of knowledge about the inner workings of your company and a lot of documents regarding their own tasks. If you do not involve them and use the “one fits all” approach, you might lose a large amount of time and efforts without taking advantage of this knowledge and the newly implemented processes will not be easily accepted.

We recommend that you build tandems between your employees and the employees of your parent company. Communication is a key factor in the implementation process and both sides can learn a lot from each other.

Planning and Segregation of duties

We recommend that you do not start implementing SOX without a plan. Start with a concept so that the implementation of SOX has a sound foundation and you do not have to repeat different steps of the process later.

When designing each business process, make sure that different tasks are done by different employees to avoid the possibility of fraud. Try to avoid situations such as that only one employee is involved, and this person even controls all tasks in one business process. On the IT side, it is recommended not to give permissions freely but only when necessary for certain tasks. Implement the 4-eyes-priciple for all relevant tasks in your company.

If you do not know where to start, you can look for assistance with internal audit, with somebody from your parent company in the U.S. or with external advisors.

FAE Consulting GmbH is specialized in optimization of business processes and offers advisory services on financial structuring, cost efficiency, and compliance. The Bridge ∙ Consulting & Training e.K. offers specialized consultancy services for companies which are acquired by an American group or integrated in an existing company structure as well as mentoring and training for the employees and management of these companies.

Both companies cooperate in assisting you with the SOX implementation and with the optimization of your processes. Contact us for a strategy meeting at contact@fae-consulting.de.


the Bridge ⋅ Consulting & Training e.K.: SOX-Compliance: Warum Sie das jetzt brauchen – und es sogar gut für Sie ist
Haufe-Lexware GmbH & Co. KG: SOX Compliance: Das sind die Anforderungen
Wikimedia Foundation Inc.: Sarbanes-Oxley Act

Kontaktieren Sie uns!

Wir beraten Sie gerne: +49 69 75 93 72 43

FAE Consulting, Frankfurt