The Silver Lining In SOX - InformationWeek
Software // Information Management
06:53 PM

The Silver Lining In SOX

Use Sarbanes-Oxley financial compliance initiatives to justify automation, eliminate spreadsheets and develop process consistency.

Most large public companies are in the throes of their first annual audits under the financial reporting provisions of the Sarbanes-Oxley Act (SOX). Processes have been documented, risks defined and controls put in place, yet few companies have made the fundamental changes to financial systems and processes that will enable them to comply with the law efficiently.

Consider the impact on competitiveness and profitability if you could close financial reports more quickly, provide accurate and consistent information to the field sooner, and expand the scope of financial data to include more operational figures and predictive performance indicators.

Long-term solutions for SOX compliance all but demand financial systems redesign. Rather than take a piecemeal approach focused on compliance alone, look for process and system changes that will have a broader impact. By eliminating manual steps and automating wherever possible, you can improve finance department efficiency and corporate decision-making while also building in compliance controls and avoiding costly auditing steps. You may even discover the capabilities needed to support process improvement already exist — unused or underutilized-in your enterprise resource planning (ERP), business intelligence (BI) and reporting systems.

SOX Drives Fundamental Changes

SOX is sweeping legislation that addresses financial control, financial transparency and auditor independence. (See "Sarbanes-Oxley: The Darkest Clouds" for a summary of provisions that affect U.S. public companies.) Some of the detailed SOX rules affect companies directly, while other rules have an indirect effect, such as requiring greater audit scruitiny (and therefore higher fees) from public accounting firms.

SOX introduces significant changes to financial practice and corporate governance regulations. Out of 11 titles, section 404 causes most concern: Publicly traded companies must have policies and controls in place to secure, document and process financial results. (See "Sarbanes-Oxley: The Darkest Clouds.")
Most public companies must meet the financial reporting and certification mandates for any end-of-year financial statements filed after November 15th.

SEC postpones by one year a deadline for large corporations to speed up filing of annual and quarterly financial reports. This extension gives corporations two extra weeks to adjust by holding the submission period at 75 days for 2004 reports.
After Dec. 15, 2005, most large public companies must file 10-Ks within 60 days after year end and 10-Qs within 35 days of the end of each quarter.

Compliance will grow to a $1.62 billion-per-year industry, according to AMR Research.
Among the SOX rules that apply directly to U.S. public companies, perhaps the most onerous is Section 404. In place of informal systems that relied on the integrity of financial executives, common sense and after-the-fact postreporting audits, Section 404 has introduced formal systems aimed at building in control. The objective of this total quality management approach is to prevent fraud from occurring in the first place.

Given the fundamental change in approach demanded by Section 404, designing and documenting controls for financial processes as they existed before SOX amounts to paving over cow paths. Faced with tight compliance deadlines, some companies have taken this approach, but leaving financial processes as they are will ultimately drive costs higher. Finance organizations that are subject to SOX are expending as much as 10 percent of their labor on compliance, according to research by Ventana. Within a large public company, this figure represents millions of dollars in costs that could be eliminated through a structured approach.

Address Efficiency

Among more than 100 finance and IT executives who participated in a recent Ventana study, most agreed that fundamental process and financial system design changes are needed. More than 80 percent said it's either "important" or "very important" to automate manual accounting processes such as rekeying data, entering accruals and making adjustments. Executives also ranked "harmonizing the company's charts of accounts" and "reducing spreadsheet use" as important goals.

Harmonizing charts of accounts (in other words, how the books are organized) across a company can save big money because it simplifies managerial and financial processes (including consolidation) and external audit processes. Companies typically feed core financial processes with hundreds of spreadsheets located on individual desktops or, perhaps worse, on shared servers. These tools are uncontrollable, offering no reliable audit trail that ensures data integrity. Consequently, spreadsheets are difficult (and therefore expensive) to audit. Studies have also shown that they're rife with flawed formulas and, as a result, bad data.

Spreadsheets also pose compliance problems because they can serve as the point of entry for fraudulent schemes. A set of inflated figures from a rogue executive or business unit might not set off red flags in a spreadsheet, but an automated approach could eliminate manual data entry and add systematic controls. Introducing spreadsheet controls such as separation of duties can actually require additional testing and auditing — and even more inefficient human activity and expense.

Redesigning financial systems can eliminate many of the inefficiencies and compliance headaches presented by charts of accounts and spreadsheets while also addressing another common problem: process inconsistency. In some companies, dozens of variations exist in how accounts payable alone is executed. These variations drive up compliance costs by demanding multiple control methods and more difficult, expensive audit processes.

Promote Effectiveness

Efforts to comply with SOX can also improve financial system efficiencies and financial processes. The first step toward more effective financial management is shifting activities and resources away from manual accounting and transaction processes and toward automated approaches. There's a direct connection between the changes needed to comply with Section 404 and the streamlining necessary for better efficiency and profitability.

You don't have to transform all financial processes overnight, but senior finance and IT executives should set specific one- and two-year process improvement objectives and a road map for implementation. Eliminate spreadsheets wherever possible. You'll save time and labor while also reducing the need for compliance-oriented financial controls, testing and documentation.

1 of 3
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll