SavvyDox Simplifying SOX Compliance White Paper

1.
Simplifying
SOX
Compliance
!
WHAT
IS
SOX?
The
Sarbanes-­‐Oxley
(SOX)
Act
was
signed
into
law
by
President
George
W.
Bush
on
July
30,
2002.
All
public
companies,
large
and
small,
must
comply.
Sarbanes-­‐Oxley
was
enacted
in
response
to
several
major
corporate
accounting
scandals,
such
as
Enron
and
WorldCom,
to
protect
investors
by
improving
the
accuracy
and
reliability
of
corporate
disclosures
made
pursuant
to
the
securities
laws,
and
for
other
purposes.
The
most
contentious
aspect
of
SOX
is
Section
404,
which
requires
management
and
the
external
auditor
to
report
on
the
adequacy
of
the
company's
internal
control
on
financial
reporting
(ICFR).
This
is
the
most
costly
aspect
of
the
legislation
for
companies
to
implement,
as
documenting
and
testing
important
financial
manual
and
automated
controls
requires
enormous
effort.
As
a
result
of
SOX,
top
management
(i.e.
CEO
and
CFO)
must
individually
certify
to
the
accuracy
of
financial
information
and
maintaining
an
adequate
internal
control
structure
and
procedures
for
financial
reporting.
Penalties
for
non-­‐compliance
and
fraudulent
financial
activity
are
severe
and
include
very
hefty
financial
penalties
and
could
include
a
jail
term
for
the
CEO
and/or
CFO!
In
response
to
the
perception
that
stricter
financial
governance
laws
are
needed,
SOX-­‐type
regulations
were
subsequently
enacted
in
Canada
(2002),
Germany
(2002),
South
Africa
(2002),
France
(2003),
Australia
(2004),
India
(2005),
Japan
(2006),
Italy
(2006),
Israel,
and
Turkey.
HOW
DOES
SOX
IMPACT
DOCUMENT
MANAGEMENT,
REVIEW,
AND
COLLABORATION?
While
SOX
requirements
cover
a
broad
spectrum
within
an
enterprise
that
go
well
beyond
documentation,
the
key
section
of
the
Act
focuses
on
internal
controls.
The
executive
team’s
responsibilities
are
not
only
to
ensure
that
adequate
internal
controls
are
in
place,
but
that
they
are
being
monitored
and
adhered
to.
The
Act
also
requires
that
the
executives
sign
off
that
quarterly
and
year
end
submissions
are
accurate
and
contain
no
errors.
Both
of
those
activities
involve
document
management,
review,
and
collaboration.
Both
present
an
opportunity
for
productivity
improvements
and
reduced
business
risk.
INTERNAL
CONTROLS
Almost
certainly,
one
segment
of
internal
controls
will
require
signoff
by
various
executives
on
key
documents
such
as
large
contracts,
inventory
or
equipment
write-­‐downs,
pricing,
and
partnering
agreements.
The
magnitude
of
the
impact
of
the
transaction
on
the
corporation
will
define
who
has
to
sign
off.
The
requirements
are
unique
in
every
company
based
on
that
company’s
size
and
market
segment.
Whatever
the
case,
there
will
be
documents
that
need
to
be
reviewed
and
in
many
cases
approved
by
executives.
The
internal
controls
define
those
requirements
and
once
defined,
it
is
incumbent
on
the
executives
to
ensure
that
there
is
a
process
in
place
for
monitoring
compliance.
If

2.
Simplifying
SOX
Compliance
!
there
are
no
effective
monitoring
processes
in
place
to
ensure
compliance,
the
company
could
face
large
penalties
and
the
executives
could
be
liable
for
jail
terms.
Think
of
Enron,
WorldCom,
and
Tyco
International
as
examples
of
executives
going
to
jail.
Once
the
internal
controls
are
defined
for
review
and
approval
levels,
SavvyDox
provides
an
ideal
lightweight
and
inexpensive
solution
for
monitoring
compliance.
SavvyDox
enforces
document
version
control,
tracks
the
document
approval
process,
tracks
all
suggested
changes
to
documents,
and
retains
records
in
one
system
that
can
be
used
to
monitor
and
ensure
compliance.
SavvyDox
is
a
cloud
based
SaaS
solution
that
accepts
documents
in
Word,
PowerPoint
or
PDF
format.
It
pushes
those
documents
to
recipients
who
can
be
using
a
PC,
Mac,
iPad,
iPhone,
Android,
or
BlackBerry10.
The
documents
reside
on
the
recipient’s
desktop
or
mobile
device
rather
than
in
a
crowded
Inbox
where
they
can
be
lost
or
misplaced.
They
can
be
accessed
on
line
or
offline
and
SavvyDox
ensures
that
the
recipients
always
have
the
current
copy
of
the
document.
The
recipient
is
notified
that
they
have
a
new
document
to
review
or
approve
and
they
can
access
the
document
directly
from
the
notification.
The
reviewer
can
add
suggested
changes
to
the
document
and
they
also
have
an
icon
to
click
when
their
review
or
approval
is
complete.
SavvyDox
retains
a
record
of
who
the
document
was
sent
to,
when
the
required
action
is
to
be
completed,
and
can
even
track
progress
of
a
recipient
reading
a
document
page
by
page.
Using
the
SavvyDox
dashboard,
the
complete
lifecycle
of
the
document
can
be
tracked
and
project
managed
to
meet
required
delivery
dates.
In
one
inexpensive
and
easy
to
use
application,
the
internal
control
is
implemented
AND
monitored.
When
the
auditors
come
in
to
examine
the
internal
controls
and
actions
to
ensure
compliance,
all
the
required
information
is
in
one
location.
No
more
wasting
time
trying
to
find
emails
or
manual
files
to
validate
each
transaction.
It
will
take
less
time
for
the
person
monitoring
the
process
and
the
auditors
and
that
means
lower
fees.
Less
time
for
the
person
monitoring
the
process
and
for
the
executives
reviewing
all
the
documents
means
improved
productivity.
Underlying
all
of
this
is
the
significant
reduction
in
business
risk
from
non-­‐compliance
to
the
SOX
requirements
and
the
reduction
in
business
risk
of
an
unapproved
document
inadvertently
getting
out
the
door.
REVIEW
OF
QUARTERLY
AND
YEARLY
SECURITIES
DOCUMENTS
Every
quarter
and
at
year
end,
the
executive
team
must
review
and
approve
the
documents
that
are
required
from
a
publicly
traded
company.
Even
privately
owned
companies
send
updates
to
their
investors
that
must
be
vetted
by
the
executive
team.
There
is
one
particular
security
document
(10-­‐K)
that
is
normally
100+
pages
long
that
covers
every
department
within
the
company.
Not
only
does
it
include
financials,
it
includes
comments
on
key
activities,
significant
competitive
threats,
go
to
market
strategies,
changes
in
policies,
etc.
It
is
a
very
dry
document
that
is
a
difficult
read.
Usually,
it
is
somewhat
of
a
boilerplate
document
once
the
original
version
has
been
published.
There
are
changes
from
year
to
year,
but
the
document
is
definitely
not
a
complete
rewrite.
Normally,
when
the
document
is
circulated
to
executives
for
their
comments
and

3.
Simplifying
SOX
Compliance
!
approval,
it
is
a
clean
document
without
any
Word
Track
Changes
so
that
it
can
be
easily
read.
However,
that
means
that
the
executives
cannot
determine
what
has
changed
from
the
previous
version,
so
they
have
to
carefully
re-­‐read
the
entire
document.
That
can
take
an
hour
or
two
of
an
executive’s
time.
While
it
is
a
necessary
step,
the
lost
opportunity
cost
is
huge
since
it
is
an
enormous
waste
of
the
limited
time
that
an
executive
has
available
for
business
planning
and
execution.
SavvyDox
minimizes
the
amount
of
time
that
the
executive
has
to
spend
reading
that
10-­‐K
document
or
equivalent.
Once
the
first
version
of
the
document
is
released,
all
future
versions
will
contain
page
thumbnails
that
identify
the
pages
that
have
changed
since
the
previous
version.
The
executive
merely
reads
those
pages
rather
than
having
to
reread
the
entire
document.
The
executive
also
does
not
have
to
worry
about
missing
an
important
change
–
and
that
is
a
real
concern
when
complex
documents
are
reviewed
quickly.
When
the
executive
opens
one
of
those
changed
pages
in
SavvyDox,
they
see
the
changes
from
the
previous
version
highlighted
and
hovering
over
the
change
brings
up
the
previous
wording.
There
are
no
multi
colored
Word
Track
Changes
or
strikeouts!
Instead
of
hours,
the
executive
review
is
completed
in
minutes.
If
the
executive
wants
to
suggest
a
change
to
the
document,
they
merely
highlight
the
text
to
be
changed,
enter
the
suggested
change
in
a
text
box,
and
if
they
allow
that
change
to
be
distributed
to
all
reviewers,
everyone
sees
the
suggested
change
within
a
matter
of
seconds.
If
they
wish,
the
executive
may
even
add
a
personal
note
for
later
follow
up.
A
full
parallel
review
process
is
in
place
for
all
the
executives
reviewing
the
document
which
facilitates
improved
synergy
among
executives
rather
than
having
each
one
reviewing
the
document
on
their
own
in
isolation.
The
executives
can
even
reply
to
each
other’s
comments
providing
collaboration
capabilities
that
are
similar
to
a
face
to
face
meeting.
As
a
result
of
the
synergistic
collaboration,
the
quality
of
the
document
is
improved,
It
is
important
to
have
strict
control
over
who
changes
the
10-­‐K
document
since
the
wording
is
critical.
SavvyDox
ensures
that
control
by
allowing
all
the
reviewers/executives
to
suggest
changes,
but
only
the
owner/author
of
the
document
can
change
the
source
document
content.
At
the
end
of
the
review
cycle,
SavvyDox
has
captured
all
the
suggested
changes
and
approvals
from
all
the
reviewers
and
the
audit
trail
is
in
place
for
the
auditors.
SavvyDox
simplifies
the
10-­‐K
review
process,
improves
executive
productivity,
reduces
business
risk,
and
gathers
all
the
compliance
related
information
in
one
system
so
that
the
follow-­‐up
audit
is
quick
and
painless.
SUMMARY
SOX
compliance
is
mandatory
and
document
management
and
review
is
THE
key
component.
SavvyDox
can
improve
productivity,
reduce
risk
and
monitor
compliance
to
defined
processes
in
one
easy
to
use
inexpensive
application
that
can
be
implemented
in
a
matter
of
days.
The
User
Interface
is
so
intuitive
that
training
can
be
completed
in
10
minutes
using
an
online
video.
Many
of
SavvyDox
customers
don’t
even
need
the
training
–
they
just
jump
right
in
and
start
using
SavvyDox.
For
more
information
and
follow
up,
please
contact
us
by
email
at
sales@savvydox.com.