SmartAdvice: Sarbanes-Oxley Compliance Is Ongoing, So Prepare For Now And In Future
Getting ready for Sarbanes-Oxley will test whether your company can meet the act's compliance guidelines for financial and IT controls, The Advisory Council says. Also, look for a general collaboration app when you decide to implement supply-chain forecasts; and use dashboard tools to manage outsourcing contracts for more control and greater ROI.
Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers three questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to firstname.lastname@example.org
Question A: What can we do to prepare for the upcoming Sarbanes-Oxley compliance deadlines?
Our advice: Just as IT departments spent much of 1999 bracing and preparing for Y2K, so, too, must they now prepare for the upcoming Sarbanes-Oxley deadlines. However, unlike the one-time Y2K occurrence, Sarbanes-Oxley compliance will be an ongoing, everlasting phenomenon companies will have to incorporate into their IT systems and processes, and therefore preparations for Sarbanes-Oxley will have both short-term and long-term components.
Section 404 of the Sarbanes-Oxley Act requires companies with market capitalization of $75 million or more to attest to the effectiveness of their IT and financial controls when they file their 10-K reports for fiscal years that end after Nov. 15, 2004. The 10-K is the annual report that provides a comprehensive overview of the business; it must be filed within 90 days of the end of the company's fiscal year. (Contrary to recent rumors, the SEC will not be extending the deadline for Section 404 compliance.)
In preparation for the Sarbanes-Oxley deadlines, IT departments are "freezing" systems. In effect, this means that any noncritical patches, upgrades, and installations, especially those that are likely to affect core business areas such as finance, accounting, manufacturing, distribution, and HR (for example, ERP systems), are being postponed until after the initial deadline. However, if any work still remains to meet Sarbanes-Oxley compliance requirements, that work must now take on a high priority in implementation and deployment plans.
For companies that haven't already done so, now is time for their finance and IT departments to work closely with auditors to verify their compliance with and controls relating to Sarbanes-Oxley. These include, but aren't limited to, documentation and processes around general ledger, accounts payable, accounts receivable, order-to-cash, procure-to-pay, real-time reporting, full disclosure, and risk management. Since definitions and specifics around these vary by company and industry, it's critical that internal finance and IT departments, and the corresponding business and technology auditors, agree on their interpretations of these concepts.
Ultimately, the purpose of IT is to support the business. This applies to Sarbanes-Oxley compliance as well. Especially as the compliance deadlines draw near, it's critical that IT support the finance function in any way it can. This includes ensuring the validity of the controls that have been put in place, verifying the ability of real-time disclosure through workflow, and timely filing of 10-K's. In addition, as the auditors make recommendations of what needs to be incorporated into the systems to meet Section 404 requirements, IT must respond in a timely manner. While this may require long hours and personal sacrifices in the short term, these relationships, and the resulting robust IT systems, will pay dividends in how these various teams (finance, IT, and auditors) work together in the future.
Finally, even though the road to compliance feels long and difficult, you don't have to do it alone. With scores of companies preparing for Sarbanes-Oxley deadlines, you're sure to find others, some in your own industry, with whom you can exchange ideas, share thoughts, discuss challenges and find solutions to your Sarbanes-Oxley woes. Join such discussion groups as the Sarbanes-Oxley Yahoo Group to network with peers and to explore resources that will assist you with your compliance efforts.
The Agile ArchiveWhen it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
2014 Analytics, BI, and Information Management SurveyITís tried for years to simplify data analytics and business intelligence efforts. Have visual analysis tools and Hadoop and NoSQL databases helped? Respondents to our 2014 InformationWeek Analytics, Business Intelligence, and Information Management Survey have a mixed outlook.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.