SOX 404 and ERM: Perfect partners … or not?

The Sarbanes-Oxley Act (SOX) Section 404 regulations and guidance have had a large impact on the adoption of enterprise risk management (ERM) in the United States. In the short run, SOX 404 has impeded the adoption of risk-based approaches because its rules run totally counter to a holistic, risk-based approach. In the longer run, SOX provides an opportunity for even faster adoption of ERM—but only if regulators and practitioners alike think more radically about training, education, and certification in this body of knowledge. © 2007 Wiley Periodicals, Inc.