Banking Exchange Magazine

Risk focus helps pull up SOX

ERM tool doubles as SOX compliance solution

Written by Website Staff

Sometimes a tool that’s good for one task can also help accomplish another. When Susquehanna Bancshares needed to ramp up its approach to Sarbanes-Oxley Act compliance audit, it found the solution close to home, in a “GRC”—Governance, Risk management, and Compliance—package that the $18 billion-assets institution had already started using to manage audits.

Susquehanna faced two challenges. One was finding software that would meet its increasing needs for automating aspects of these processes. The other was finding a common language among various user and support groups for addressing risk.

Ken Hobbs, chief information security officer at the Lititz, Penn., bank, had been looking for a SOX compliance tool and had not found anything quite right for the company’s needs. Then he decided to look at a GRC package that Susquehanna was already using, provided by DoubleCheck LLC.

Hobbs felt that, with adaptation and other tweaks, the DoubleCheck package could also be applied to SOX compliance audit. One of the strengths of the package, he says, was its facilitation of an up-and-down view of risks in the organization. The package was already being used to audit operations, and Hobbs believed the compliance component would meet the company’s SOX reporting requirements.

“When we recognized the need to escalate GRC as a way of managing risk, and in addition needed a new SOX tool, we looked around at what was available and realized it made a lot of sense to leverage some of the good work that had gone into making the audit tool useful,” says Hobbs. Other vendor solutions were explored, but in the end the bank opted to work with DoubleCheck to tailor the software to meet the SOX needs.

Hobbs had had experience with an earlier version of the software at another employer, which gave him confidence in the package’s capabilities.

“We were able to translate the audit and SOX terminology into some common broader enterprise risk management-based language,” Hobbs explains. “This more coherent approach was critical for us to move forward with a system that contained efficient validation of processes and provided excellent visibility of data and management of risks. Establishing a consensus, parsing and keying data, and building risk algorithms were a very important part of this process.”

The process of adapting the package for the bank ran about eight months, much of that time devoted to achieving agreement on a common language for risk throughout the organization. In addition to producing essential audit reports, the system provides information for risk committee and board-level presentations and reporting. Dashboards and other aids can be generated for analysis. Requirements for certification of compliance with SOX Section 302—which deals with accuracy of financial reporting—are also met.

“It’s a very versatile tool,” says Hobbs. With the revisions supporting expanded use, validating groups that look at the audit and SOX data in the system now concurrently see risks and controls in a common language.

[Subsequent to our interview with Hobbs, BB&T announced its agreement to acquire Susquehanna. Management anticipates that the deal will be consummated in mid-2015.]
