Organizations face a range of challenges to keeping up with regulatory compliance. The rules can change quickly, resources are often tight to do the proper screening, and employees sometimes feel they don’t need any training for internal controls or compliance. Despite these difficulties, many organizations are still required to comply with laws and regulations like the Sarbannes-Oxley Act of 2002 (SOX). Even where they are optional, achieving compliance with SOX and other regulations helps organizations ensure they are taking the appropriate action to mitigate fraud and other potentially devastating risks.
This article presents data from APQC’s New Developments in Internal Controls survey on how leading organizations enforce and reinforce compliance through internal controls. As we review this data, we draw from analysis and insights provided by internal controls SME Christine Doxey (author, speaker, management consultant, and President of Doxey, Inc.), who partnered with APQC to carry out the internal controls study.