The Silver Lining In SOX

Use Sarbanes-Oxley financial compliance initiatives to justify automation, eliminate spreadsheets and develop process consistency.
SARBANES-OXLEY: The Darkest Clouds
• Sarbanes-Oxley Section 404 requires all public companies to include "internal control" reports in their annual reports. The reports affirm management responsibility for establishing and maintaining adequate internal control structures and procedures for financial reporting. They also include the management's assessment of the effectiveness of the company's internal control structure and procedures for financial reporting. As part of an annual audit, the company's auditors must attest to, and report on, the management's assessment in a manner consistent with acceptable standards.

Section 404 has been the most onerous mandate within SOX because most public companies had operated their financial systems on a largely informal basis. Companies have had to document their internal control systems, determine how the controls may be vulnerable and devise ways to test the controls for effectiveness.

• Sarbanes-Oxley Section 302 requires CEOs and CFOs to incorporate statements with the audit reports to certify the "appropriateness of the financial statements and disclosures contained in the periodic report, and that those financial statements and disclosures fairly present, in all material respects, the operations and financial condition of the issuer." It's an ongoing attestation to the correctness of the financial statements. Executives who knowingly give false attestations can incur substantial penalties.

• Sarbanes-Oxley Section 409 accelerates the reporting of material events. Reflecting this change, the SEC shortened the reporting period from five to four business days, added eight new events that must be reported in form 8-K, transferred two disclosures from periodic reports and expanded some disclosure items. Section 409 doesn't require companies to report every "material change" in their businesses, only specific items enumerated by the SEC. The list is certain to grow over time, but almost all of the items are events and information that are not currently captured by most transaction processing systems such as ERP. (See "Compliance Timeline" for information about filing deadlines.)

RIPPLE EFFECT: Sarbanes-Oxley Act
Public corporations are required to report on and have executives and auditors sign off on the existence of adequate internal control structures and procedures for financial reporting.

Financial executives, auditors, compliance officers and consultants scramble to document "as-is" processes, internal control systems and inherent risks. Controls and tests are devised to fill in the gaps.

In developing "to-be" processes aimed at long-term compliance, executives target inefficient manual processes that are too cumbersome and expensive to control and audit. Business process management and performance management approaches present ways to automate accounting, transaction processes and reporting with built-in compliance controls.

Automated processes improve efficiency and flexibility while ensuring financial transparency and compliance. Error-prone spreadsheets are eliminated and charts of accounts harmonized to bolster data accuracy and consistency, eliminating delays and errors in financial reporting. Managers take advantage of better data and leading indicators to support better planning and timely decisions. Financial results improve along with the reliability of reporting, enhancing stock performance, management credibility and company reputation.
Editor's Choice
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Terry White, Associate Chief Analyst, Omdia
Richard Pallardy, Freelance Writer
Cynthia Harvey, Freelance Journalist, InformationWeek
Pam Baker, Contributing Writer