Why have enterprise risk management programs become so popular so fast?
The federal government’s Sarbanes-Oxley Act (SOX) of 2002 has created all sorts of additional different attestation and reporting requirements. One of the reasons is that the customers of major corporations are demanding SOX compliance. Customers are saying, ‘We want a piece of paper that says you’re processing our information correctly.’ So businesses that had been resisting certain levels of risk management are finding that the world is changing. Plus, a company’s position is strengthened when they’re selling their business. They can separate themselves from their competitors who may not be SOX compliant. Because of those recent changes in law and philosophy, selling ERM services is not as tough as before.
What are the different types of ERM services?
First, SOX consulting. Accounting systems and procedures are reviewed and, if they are not SOX-compliant, they are made SOX-compliant. An SAS 70 audit engagement is a risk assessment opinion from an independent service auditor, and it a