Case StudyConsumer products company achieves Sarbanes-Oxley compliance, while lowering cost through operational efficiency and automation |
AbstractMastodon Consulting helped a mid-sized consumer products company achieve first-year SOX compliance, while developing a comprehensive IT Governance model and executing against that vision, building a culture of discipline and accountability. Refined operations and engineering processes to balance operational reliability with strategic positioning. Mastodon reduced costs by developing, improving and automating processes, driving redundant work out and gaining efficiency. The ChallengeA newly-public consumer products company faced a regulatory compliance deadline for Sarbanes-Oxley, to validate the accuracy of their financial results. Given the complexity of the regulations, the short timeframe for compliance and the high cost of non-compliance, the company solicited Mastodon's assistance in designing and implementing IT controls. While many organizations take a checklist approach to compliance, adding bureaucracy and slowing processes down, Mastodon showed the client how to use compliance as the excuse they needed to shore up their IT infrastructure, automating many process and achieving greater scalability for future growth.First, Mastodon developed risk assessments and conducted reviews of existing systems for appropriate security, management, and data integrity. To do this, the team worked with process owners and subject matter experts, to understand existing processes and controls, and to determine gaps with COSO, COBIT and other relevant standards. Care was taken to ensure completeness, accuracy and consistency of controls, emphasize easily sustainable controls via automation whenever possible. Finally, Mastodon planned changes and remediated controls. Mastodon worked closely with the client to assimilate these controls into the normal course of business. The company needs to be able to perform the activities critical to compliance, without giving up so much bandwidth that the organization is less responsive to real issues. How We HelpedMastodon Consulting helped the company understand the implications of the regulations and develop an approach that would address their needs. Mastodon brought a blend of regulatory knowledge, experience with the systems critical to the organizationýs business, and change management expertise. Mastodon's services included:
Lessons LearnedWith full compliance now in place, the company has reduced costs by developing, improving and automating processes, driving out redundant work and gaining efficiency. The company realized a radical decline in the time and money invested by IT and the business on compliance issues, due to greater transparency and automation. Efficiencies driven by doing SOX compliance "the right way" have resulted in streamlined procedures, standardized IT and accounting systems, and significantly reduced manual tasks. These changes increased shareholder value, and helped prepare the organization for future growth.The company now has a high degree of confidence that controls will maintain or improve in integrity over time, allowing them to focus on whatýs actually important to the business. |