SmartAdvice: Sarbanes-Oxley Compliance Is Ongoing, So Prepare For Now And In Future
Getting ready for Sarbanes-Oxley will test whether your company can meet the act's compliance guidelines for financial and IT controls, The Advisory Council says. Also, look for a general collaboration app when you decide to implement supply-chain forecasts; and use dashboard tools to manage outsourcing contracts for more control and greater ROI.
Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers three questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to firstname.lastname@example.org
Question A: What can we do to prepare for the upcoming Sarbanes-Oxley compliance deadlines?
Our advice: Just as IT departments spent much of 1999 bracing and preparing for Y2K, so, too, must they now prepare for the upcoming Sarbanes-Oxley deadlines. However, unlike the one-time Y2K occurrence, Sarbanes-Oxley compliance will be an ongoing, everlasting phenomenon companies will have to incorporate into their IT systems and processes, and therefore preparations for Sarbanes-Oxley will have both short-term and long-term components.
Section 404 of the Sarbanes-Oxley Act requires companies with market capitalization of $75 million or more to attest to the effectiveness of their IT and financial controls when they file their 10-K reports for fiscal years that end after Nov. 15, 2004. The 10-K is the annual report that provides a comprehensive overview of the business; it must be filed within 90 days of the end of the company's fiscal year. (Contrary to recent rumors, the SEC will not be extending the deadline for Section 404 compliance.)
In preparation for the Sarbanes-Oxley deadlines, IT departments are "freezing" systems. In effect, this means that any noncritical patches, upgrades, and installations, especially those that are likely to affect core business areas such as finance, accounting, manufacturing, distribution, and HR (for example, ERP systems), are being postponed until after the initial deadline. However, if any work still remains to meet Sarbanes-Oxley compliance requirements, that work must now take on a high priority in implementation and deployment plans.
For companies that haven't already done so, now is the time for their finance and IT departments to work closely with auditors to verify their compliance with Sarbanes-Oxley and the controls relating to it. These include, but aren't limited to, documentation and processes around general ledger, accounts payable, accounts receivable, order-to-cash, procure-to-pay, real-time reporting, full disclosure, and risk management. Since definitions and specifics around these vary by company and industry, it's critical that internal finance and IT departments, and the corresponding business and technology auditors, agree on their interpretations of these concepts.
Ultimately, the purpose of IT is to support the business. This applies to Sarbanes-Oxley compliance as well. Especially as the compliance deadlines draw near, it's critical that IT support the finance function in any way it can. This includes ensuring the validity of the controls that have been put in place, verifying the ability to make real-time disclosures through workflow, and filing 10-Ks on time. In addition, as the auditors make recommendations of what needs to be incorporated into the systems to meet Section 404 requirements, IT must respond in a timely manner. While this may require long hours and personal sacrifices in the short term, these relationships, and the resulting robust IT systems, will pay dividends in how these various teams (finance, IT, and auditors) work together in the future.
Finally, even though the road to compliance feels long and difficult, you don't have to do it alone. With scores of companies preparing for Sarbanes-Oxley deadlines, you're sure to find others, some in your own industry, with whom you can exchange ideas, share thoughts, discuss challenges and find solutions to your Sarbanes-Oxley woes. Join such discussion groups as the Sarbanes-Oxley Yahoo Group to network with peers and to explore resources that will assist you with your compliance efforts.