Sarbanes Oxley Act became effective in 2002 after notorious media coverage concerning several large companies failed to comply with federal rules and regulations in the area of financial accountability. With some additional requirements phased in over 2003-2004, the SEC has vigorously enforced effective provisions, both for companies and individuals.

Three key provisions required:

• Control – Companies are responsible for creating internal controls, which guarantee that accurate financial information is generated and communicated to executive management.
  
  
• Evaluation – Company CFO and Chief Executive must evaluate the effectiveness of the internal controls and report their conclusions as to their efficacy as of a date within 90 days of issuance of financial reports. These evaluations must be performed on at least a quarterly basis.
  
  
• Disclosure – CFO and Chief Executive must disclose to the company’s auditors and the audit committee of the board of directors all significant deficiencies in the design or operation of internal controls and any fraud, whether or not material, that involves employees with a significant role in the internal controls.

Life science companies are used to dealing with extensive regulatory requirements as part of daily operations, however, accounting departments have traditionally been under less scrutiny, especially with regard to FDA regulations. Recent experience with Part 11 provides a good base of understanding for SOX compliance issues.

• Information kept in uncontrolled spreadsheets with minimal security on network drives
• Data ported out of validated applications, then used for decision making
• “Bottom-up” growth of ad-hoc systems, rather than a single pre-planned process

Rather than introducing a regulatory corporate culture from scratch, companies can build on existing regulatory structures and help minimize the cost and struggle within IT to achieve multiple compliance initiatives. Many companies are already seeking to centralize all compliance issues (FDA, HIPAA, OSHA) within a single interface. The goal should be to incorporate SOX into this existing framework.

Several aspects of Sarbanes-Oxley Act are similar to Quality Compliance in FDA (QSR/GMP). To be successful, a company should focus on process (NOT PROJECT) and procedures –

• Creating them
• Documenting them
• Controlling/tracking them
• Training others about them
• Communicating about them

From identifying the risks to defining the objectives to recording process narratives to verifying compliance to identified controls to defining gap mitigation strategies to verifying the effectiveness of the mitigation strategies -- Pilgrim’s integrated compliance solution helps Life Sciences companies with multiple compliance initiatives including SOX to:

• Ensure compliance -- keep management updated on all internal control procedures
• Helps Life Sciences organizations -- with documenting, assessing, and correcting their internal control environments
• Enables greater focus and quicker time -- to analyze information and report on SOX requirements
• Integrates SOX requirements -- as another strategic compliance initiative
• Reduces SOX and compliance administrative and IT costs to increase profit – single platform solution

Smart Results…

Pilgrim Software provides valuable Professional Services to help ensure our staff of consultants provides everything you need for your Sarbanes Oxley implementation, from project management to system configuration and tailoring– helping you minimize your risk and maximize your return on investment.