Software // Information Management
Commentary
9/9/2004
10:28 AM
Commentary
Commentary
Commentary
Connect Directly
RSS
E-Mail
50%
50%

SmartAdvice: Sarbanes-Oxley Compliance Is Ongoing, So Prepare For Now And In Future

Getting ready for Sarbanes-Oxley will test whether your company can meet the act's compliance guidelines for financial and IT controls, The Advisory Council says. Also, look for a general collaboration app when you decide to implement supply-chain forecasts; and use dashboard tools to manage outsourcing contracts for more control and greater ROI.

Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers three questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to smartadvice@tacadvisory.com


Question A: What can we do to prepare for the upcoming Sarbanes-Oxley compliance deadlines?

Our advice: Just as IT departments spent much of 1999 bracing and preparing for Y2K, so, too, must they now prepare for the upcoming Sarbanes-Oxley deadlines. However, unlike the one-time Y2K occurrence, Sarbanes-Oxley compliance will be an ongoing, everlasting phenomenon companies will have to incorporate into their IT systems and processes, and therefore preparations for Sarbanes-Oxley will have both short-term and long-term components.

Deadline
Section 404 of the Sarbanes-Oxley Act requires companies with market capitalization of $75 million or more to attest to the effectiveness of their IT and financial controls when they file their 10-K reports for fiscal years that end after Nov. 15, 2004. The 10-K is the annual report that provides a comprehensive overview of the business; it must be filed within 90 days of the end of the company's fiscal year. (Contrary to recent rumors, the SEC will not be extending the deadline for Section 404 compliance.)

Related Links

Summary of Sarbanes-Oxley Act of 2002

Sarbanes-Oxley Rulemaking and Reports

The Sarbanes-Oxley Guide for Finance and Information Technology Professionals



Preparation
In preparation for the Sarbanes-Oxley deadlines, IT departments are "freezing" systems. In effect, this means that any noncritical patches, upgrades, and installations, especially those that are likely to affect core business areas such as finance, accounting, manufacturing, distribution, and HR (for example, ERP systems), are being postponed until after the initial deadline. However, if any work still remains to meet Sarbanes-Oxley compliance requirements, that work must now take on a high priority in implementation and deployment plans.

Verification
For companies that haven't already done so, now is time for their finance and IT departments to work closely with auditors to verify their compliance with and controls relating to Sarbanes-Oxley. These include, but aren't limited to, documentation and processes around general ledger, accounts payable, accounts receivable, order-to-cash, procure-to-pay, real-time reporting, full disclosure, and risk management. Since definitions and specifics around these vary by company and industry, it's critical that internal finance and IT departments, and the corresponding business and technology auditors, agree on their interpretations of these concepts.

Support
Ultimately, the purpose of IT is to support the business. This applies to Sarbanes-Oxley compliance as well. Especially as the compliance deadlines draw near, it's critical that IT support the finance function in any way it can. This includes ensuring the validity of the controls that have been put in place, verifying the ability of real-time disclosure through workflow, and timely filing of 10-K's. In addition, as the auditors make recommendations of what needs to be incorporated into the systems to meet Section 404 requirements, IT must respond in a timely manner. While this may require long hours and personal sacrifices in the short term, these relationships, and the resulting robust IT systems, will pay dividends in how these various teams (finance, IT, and auditors) work together in the future.

Network
Finally, even though the road to compliance feels long and difficult, you don't have to do it alone. With scores of companies preparing for Sarbanes-Oxley deadlines, you're sure to find others, some in your own industry, with whom you can exchange ideas, share thoughts, discuss challenges and find solutions to your Sarbanes-Oxley woes. Join such discussion groups as the Sarbanes-Oxley Yahoo Group to network with peers and to explore resources that will assist you with your compliance efforts.

-- Sanjay Anand

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.