When the Public Company Accounting Oversight Board (PCAOB) issued Auditing Standard 5 (AS5) guidance in May, most finance executives believed the worst of the Sarbanes-Oxley Act was behind them, and they would be correct, if their biggest goals were compliance and cutting auditing costs. While the new rule gives companies the green light to take a management-directed, top-down, principles-based approach to the SOX controls audit, it doesn’t provide any clue about how to translate the new SOX risk management approach into great performance. “That’s the ultimate challenge,” says Eric Keller, the CEO of accounting software provider Movaris Inc. “How do companies keep their eyes on performance rather than on the rearview mirror [of GRC]?”
One key to answering that question, according to Keller, is getting real-time visibility into risk management. That’s the conceit of Movaris’ Unity 10, a technology approach for unifying GRC with business performance management. Unity 10 provides role-based dashboards for company-specific risks, along with a new enterprise risk management (ERM) module that lets the CFO, CEO or CRO drill down into the data, take inventory of risk areas and slice and dice risk data. “Companies are telling me that they want to evaluate the performance with the risk,” observes John Hagerty, a GRC and BI analyst from AMR Research in Boston. With this product, Movaris appears to be “moving to a performance management view of the world.”