Global Journal of Management and Business Research, A: Administration and Management, Volume 23 Issue 10
Sustainable Compliance Programs in Complex Organizations
© 2023 Global Journals

Appendix A
Survey Questionnaire

Section 1: SOX Implementation

1) What best describes your company’s SOX compliance status?
• Completed year 1, working on year 2
• In the midst of Year 1 now
• Still to start year 1
• Not required to comply with SOX
• Other (Pls. Specify)

2) Which group/role leads the effort for SOX compliance today?
• CFO
• Chief Compliance Officer
• Controller
• Internal Audit
• IT
• Business Unit Management
• Other (Pls. Specify)

3) What were the significant cost elements that you incurred in fulfilling the SOX compliance obligations? (Rate 1-6, 1 being the most expensive).
• Auditor fees
• External consultant fees
• IT System purchase fees
• IT System implementation fees
• Consulting (internal/external) Resources fees
• Internal Process change/alignment costs
• Other (Pls. Specify)

4) Is the SOX compliance effort managed by the same team running the Risk Management program in your company?
• Yes
• No

5) Do you consider the SOX requirements while managing the overall Risk Program in your organization?
• Yes
• No

6) Do you re-use the resources between the risk management program and SOX program? (Select multiple options as applicable)
• Audit Personnel
• Process design
• Internal Controls design
• IT Systems (Pls. Specify)
• Others (Pls. Specify)

Section 2: Compliance Programs – Influencers

7) Please state the ‘Mandatory’ compliance programs your company needs to fulfil
• Financial Regulatory programs (e.g.) Sarbanes-Oxley, FASB/IAS
• Privacy regulations (e.g.) EU directive, industry specific regulations
• Health and Safety regulations
• Other (Pls. Specify)

8) What areas do you consider critical when looking to improve the cost effectiveness in fulfilling the compliance obligations? (Pls. Rate 1-6, 1 being the most critical)
• IT/Technology improvements/investments
• Organization Culture
• Employee Training and Development
• Process Standardization and Consistency
• Strategy Formulation process
• Management structure (e.g.) CIO, Chief Compliance Officer etc
• Other (Pls. Specify)

9) Do you have a ‘Mandatory’ training program for your employees on compliance regulations?
• Yes
• No

10) What areas of compliance do these training programs cover?
• Business Ethics
• HR
• Sales practices
• Financials & Reporting
• Other (Pls. Specify)

11) What type of training programs does your organization run?
• Online, Self-service managed by employees themselves
• Class-room, Instructor-led (including ‘train-the-trainer’)
• Combination (Pls. Specify)
• Other (Pls. Specify)

Section 3: IT Systems & Processes

2) What type of IT structure exists in your company?
• Centralized
• De-Centralized (i.e.) business unit, regional
• Mixed

12) What type of business systems do you run in your company?
• Packaged software (ERP, CRM)
• In-house developed systems
• Manual spreadsheet-based system
• Other (Pls. Specify)

13) What is your biggest concern with your IT systems with respect to Compliance regulations?
• Access control to systems
• Consolidated information availability