Ethics and Compliance Risk Culture Survey
Sarbanes-Oxley Survey (Sarbox Survey)
Enhancing Compliance With Sarbanes-Oxley 404
CEOs, CFOs and Audit Committees are required to implement and sustain an Enterprise Risk Management (ERM) Ethics and Compliance Culture that demonstrates their commitment to Sarbanes-Oxley 404 compliance.
Quantisoft's Ethics and Compliance Risk Culture Survey (Sarbanes-Oxley Survey) helps companies fulfill their Sarbanes-Oxley 404 compliance responsibilities.
The anonymous feedback gathered by Quantisoft's Ethics and Compliance Risk Culture Survey (Sarbanes-Oxley Survey) enables management to make informed decisions about the cultural changes essential for creating an environment that is conducive to ethical behavior and honest communication. It also allows for the proactive management of risks to avoid surprises and maintain Sarbanes-Oxley 404 compliance.
Corporate Culture and Sarbanes-Oxley 404
Beyond corporate governance and business practices, an evaluation of corporate culture is an important part of Sarbanes-Oxley 404 Compliance. The evaluation of corporate culture provides insight into the character of the organization, its ethics and openness.
Sarbanes-Oxley 404 compliance requires culture change, not just accounting change. The intent of Sarbox 404 is to expose mismanagement, fraud, theft and abuse, and to sustain a corporate culture that does not allow these actions and conditions to exist.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework supports Sarbox 404 compliance, providing direction and criteria for improving an organization's ability to manage risk.
Sarbox 404 and the COSO framework require a meaningful cultural change including distributing responsibility and empowering employees to participate in the enterprise risk management process.
Standard and Poor's and Moody's are planning to include enterprise risk management in their credit ratings criteria for non-financial companies, increasing consistency in evaluating the resilience, profitability and quality of management of these companies. S&P already evaluates ERM for financial companies. S&P plans to tailor its proposed ERM analysis based on individual companies' unique risks, structure and culture. Companies will be rated against four major criteria that will serve as the framework for analysis including risk management culture and governance, risk controls, emerging risk preparation and analysis of strategic management.
In a Sarbanes-Oxley 404 compliant company:
- Management and the Board demonstrate their commitment to strong controls through their communication and actions.
- Every employee is encouraged and required to have hands-on involvement in the internal control system.
- Every employee is encouraged and given the ability to report policy exceptions. Employees are expected to be in the communication loop through resolution and corrective action.
- Employees have the ability to report policy exceptions anonymously to any member of the organization including the CEO, other members of the management team, and the Board of Directors.
Issues Included in the Ethics and Compliance Risk Culture Survey (Sarbanes-Oxley Survey)
Quantisoft's Ethics and Compliance Risk Culture Survey (Sarbanes-Oxley Survey) assesses over 70 Risk Culture issues. The following is a sample of the Risk Culture issues included in the survey:
- Consistency of direction from management
- Employees' awareness of short and long-term objectives and strategies
- Alignment of objectives between business units and corporate
- Clarity of individual accountability for objectives
- Employees' understanding of policies
- Management's receptivity to messengers of bad news
- Availability of appropriate resources
- Effectiveness of performance review process
- Effectiveness of inter-departmental and intra-departmental communications
- Employees' level of understanding of risk
- Management's emphasis on risk management and control
- Availability of processes to manage change
- Effectiveness of controls
- Availability of appropriate performance measurements
- Identification of workplace abuse/bias (e.g. gender/sexual, age, racial)
Ethics and Compliance Risk Culture Survey (Sarbanes-Oxley Survey) Metrics
Quantisoft's Ethics and Compliance Risk Culture Survey (Sarbanes-Oxley Survey) enables the measurement of COSO's ethical components (i.e. the Control Environment), which is best done by gathering anonymous feedback from employees. Surveys are the easiest and most effective way to accomplish this.
The Ethics and Compliance Risk Culture Survey (Sarbanes-Oxley Survey) identifies potential areas of risk and challenges to the organization, while also highlighting those areas where the organization is effective. Management can focus on the issues that the survey identifies as needing attention. Once the first survey is completed and a baseline measurement is established, repeating the survey on an annual basis can provide valuable information and insight about the organization's efforts to address areas needing attention or improvement and to maintain areas where the organization is doing well.
Quantisoft's Ethics and Compliance Risk Culture Survey (Sarbanes-Oxley Survey) includes over 70 questions. Surveys can be customized to meet your company's needs. The survey includes the following topics:
- Mission and Objectives
- Ethics and Integrity
- Commitment to the Company
- Human Resource Policies, Practices and Performance Measurements
- Internal Communication
- Identifying and Assessing Risk
- Processes and Controls
- Identifying Specific Business Risks
Ethics and Compliance Risk Culture Survey (Sarbanes-Oxley Survey) Reports
Surveys are hosted on Quantisoft's secure web server. Quantisoft administers the surveys and prepares comprehensive reports based on the survey findings.
The following information is contained in the survey reports:
- Survey results displayed in graphical and tabular formats for the organization overall and broken down for each demographic segment (i.e., hierarchy, business unit, location, etc.). Trend reports are provided for the second and subsequent annual surveys.
- Respondent comments provided for each question.
- Overall averages for the key Ethics and Compliance Risk indicators.
- Identification of the highest and lowest scoring questions.
- Optional Report - Executive Summary Report including key findings and themes identified by the survey, summary of the employees' comments, analysis of the ratings results and suggestions for making improvements based on the survey findings.
Benefits of Quantisoft's Ethics and Compliance Risk Culture Survey (Sarbanes-Oxley Survey)
Quantisoft's Ethics and Compliance Risk Culture Survey (Sarbanes-Oxley Survey) provides the information and insight to achieve a strong payback:
- Facilitates Sarbanes-Oxley 404 compliance
- Enables increased transparency, fewer surprises and more effective risk management, strengthening investor, public and regulatory confidence
- Improved overall control culture
- Better business risk information for Management and Audit Committees
- Enhanced processes and controls to drive operational effectiveness
- Improved Corporate Governance Process
- Better alignment of IT with the business
- Facilitates Board of Directors Oversight
- Greater financial accountability
- Increased effectiveness of employees
- Helps define training requirements for ensuring a Sarbanes-Oxley Ethical and Compliant Culture