"Sarbanes-Oxley is the most sweeping legislation to affect US publicly traded companies since the Great Depression"  Gartner Group

The Sarbanes-Oxley (SOX) act was introduced into the USA following the massive bankruptcies of Worldcom and Enron and an alleged $7 trillion loss in US stock market capitalisation, after investors lost faith in the transparency of corporate financial practices.

Sections 302 and 404 of the SOX act specifically require public US companies to establish, implement and evaluate their internal controls for purposes of financial statement reporting and operational integrity.

For medium and small-capitalised public companies, certification of disclosure/internal controls represent perhaps the most time consuming and costly SOX compliance areas. The reason is simple: many such companies have either non-existent or limited formal documentation of their disclosure and internal controls. Prior to the introduction of SOX this did not pose much of a problem for auditors since reliance on internal controls could be effectively eliminated by using substantive or balance tests.

However, with the introduction of SOX companies without formal, or insufficient, documentation must now establish and implement these necessary controls. Once established, these controls must satisfy a range of audit test to provide reasonable assurance that they are operating effectively.

Understanding business processes, documenting them and ensuing they are being applied are the keys to SOX compliance.

Using XempleX to model and build a company's business process results in processes that are: -

Visible - Because process models built using XempleX are inherently visual in nature the individual steps that comprise the overall process are easily identified and verified. Models built using XempleX are usually done in a collaborative framework such that many minds that work in, and hence understand, the business process can document the model and verify its correctness. The visual nature of a XempleX model enables the efficiency and effectiveness of a business process to be continuously reviewed and improved.

Understandable - XempleX models are built from standard logic blocks such as add, divide and multiply. Users are quickly comfortable with such familiar symbols and are able to understand the logic behind a process, be it one they have developed or developed by others.

Reusable - Once constructed, XempleX models can be stored in a central repository and reused throughout an organisation. Models can be certified and then locked so a user is assured the model has been verified, is able to use it but not change it.

Auditable - Unlike computer programs or spreadsheets the logic in a XempleX model is immediately visible. Such visibility and ease of understanding greatly simplifies the audit task. Once audited a model can be locked before being distributed or included within other process models. This ensures the audit integrity is maintained over time.