For many companies, the expectations of their SOX leaders are increasing. These organizations are not merely seeking someone to test financial reporting and IT controls.
They're looking for a leader who can help them comply with SOX requirements, navigate related regulatory demands, encourage control owners to take greater ownership and accountability, and collaborate with the business to foster a culture of risk management and controls compliance.
Individuals aiming to secure a SOX leadership role solely by demonstrating proficiency in control testing may find themselves either stuck in testing roles or landing leadership positions at companies that don't truly value comprehensive SOX management.
Here are nine steps modern SOX professionals can take to secure a future SOX leadership position at a company that values governance, risk management, and controls:
1. Become the go-to expert on SEC, PCAOB, and external auditor guidance
Summarize and educate your company on SEC Comment Letters and PCAOB inspection findings routinely. Don’t solely rely on external whitepapers for this. Form your own opinion on interpreting SEC guidance and corroborate it with your external auditor's thought leadership.
2. Successfully rationalize controls
Do whatever you can to be involved in or lead the SOX risk assessment. Be able to explain why certain controls should be in-scope, and routinely assess to identify controls that do not need to be tested for SOX compliance.
3. **Improve one aspect of the process of SOX compliance**
Here are a few ideas: Not using a purpose-built controls application? Go evaluate a few and purchase oneAlready using a purpose-built controls application? Meet with your vendor and find ways to improve how it is usedTransition SOX status reporting from manual, narrative updates to visual dashboardsCreate or streamline processes to onboard new control owners, assessing new applications for SOX compliance, updating narratives, assessing deficiencies, or collaborating with your external auditor.
4. **Network with other SOX Leaders**
Meet with 10 SOX Program leaders in your geography or industry to learn how they manage their SOX programs. Take detailed notes during your conversation. Additionally, share 1 or 2 of the best practices learned with your SOX leader or CFO, and a project plan on how to incorporate it in your own company.
5. Host a SOX Roundtable
Once you meet with 10 SOX program leaders, invite all 10 to a 90-minute meeting to share the best practices, themes, and trends you learned from each of their conversations. For the top 3 lessons learned, invite the SOX leader to share more context on how to lead this.Suggest meeting with this group quarterly, and encourage other SOX practitioners and leaders to join.
6. Create an opportunity to publicly share your SOX knowledge
Can you present 50 min on a SOX topic at an IIA or ISACA local chapter, or an AuditBoard virtual webinar? Many of the event planners crave speakers who 1. are not vendors, and 2. they don’t have to pay.
Presenting on SOX to a public audience will help you better organize your opinions, communicate your thoughts, and pressure test your strategies.
7. Network with a Risk Advisory partner in your geography and tell them you are open to SOX leadership opportunities.
These partners are likely the first to know when a SOX leadership role is open, and can be influential to the hiring manager on who to hire.
To start, I would just pick one to help. If they help you find a role, you should strongly consider their team to be your co-source provider.
Baker Tilly, CrossCountry Consulting, Crowe, Deloitte, EY, Protiviti, and RSM are all AuditBoard Strategic Alliance partners and would be happy to help here.
8. Bolster up your LinkedIn recommendations
I’d aim for at least one from:
- A former or current manager
- Someone you’ve managed
- A Corporate Controller
- A Control Owner
- Someone from your extended network (the higher the seniority, the better)
To make it easier to receive a great recommendation, write a draft recommendation and ask the individual to endorse it or modify it as they best see fit.
9. Have an opinion on:
- How SOX compliance can be the driving factor to a more Connected Risk organization
- How AI can benefit SOX Compliance
If you can check off each of these to-do’s, the perspectives you can share and stories you can tell hiring managers will be far superior than the others who are interviewing for the role. It’ll be your role for the taking.
And even better, the relationships you will have created or cultivated will last for your entire life.
