Gaining Strength From Sarbox

The survey also has brought a sense of unity to a company that's sprawled out over 125 countries, Howells says. And the process of developing a standard way of documenting and testing financial-reporting controls has led to standardization in other accounting processes and policies. "That shift would have taken much longer if it hadn't been for Sarbanes-Oxley," Howells says.

United Technologies is making Sarbanes-Oxley compliance a part of its "Achieving Competitive Excellence" continuous-improvement effort. "There are a lot of parallels between the goals and methods employed in both Sarbanes-Oxley compliance and continuous-improvement programs," Haberland says.

Sometimes tools that aren't explicitly related to compliance have worked in companies' favor as they attempted to meet Sarbanes-Oxley mandates. Syngenta Crop Protection Inc., an agri-chemical producer with $3 billion in annual revenue, realized that cash receivables software it installed from Emagia Corp. in May 2003, a full 18 months before Sarbanes-Oxley's section 404 went into effect, would also strengthen the company's internal controls and reduce the cost of compliance.

In addition to improving cash flow, the software automatically reviews each of Syngenta's more than 5,000 customer accounts and performs risk scoring, which is the basis for making credit-granting decisions. The software helps satisfy compliance with Sarbanes-Oxley internal-controls requirements pertaining to accounting, such as maintaining audit trails for credit-granting decisions and documenting that credit policies are in place and being followed.

"Sarbanes-Oxley requires that you have a policy and that it's being followed consistently," says Bert McCuiston, head of credit, receivables, and cash management at Syngenta. By continuously monitoring all of Syngenta's accounts, the Emagia software has made Sarbanes-Oxley compliance a "piece of cake," he says. Instead of McCuiston having to gather stacks of customer statements and present them to company auditors on a weekly or monthly basis, the software does the work for him.

Still, with the need to devote so much time and resources to complying with Sarbanes-Oxley, you won't find many companies that truly can say the benefits outweigh the costs. Although compliance may one day have a transformational impact on MasterCard, for the moment, "the cost of that transformation exceeds the value," McWilton says.

And some companies have been so absorbed in meeting Sarbanes-Oxley's requirements that they haven't had time to consider whether the work might be a catalyst for business-process changes.

That's the situation at AGL Resources Inc., an energy-services holding company that has spent $4 million on internal staff, consultants, and external auditors for Sarbanes-Oxley tasks. "Most companies in 2004 were more worried about getting in compliance," says Ron Lepionka, AGL's chief auditor. The company has implemented business-process-management software from Oversight Systems Inc. to test its entire population of procure-to-pay transactions to pinpoint possible errors or fraud and plans to use that as part of its Sarbanes-Oxley compliance efforts this year. It's also designing new tests of its internal controls. "In 2005, many companies will start looking at improving processes and automating controls," Lepionka says.

The sooner the better, says Steve Hill, national partner in charge of risk-advisory services at accounting services firm KPMG LLP. By incorporating financial controls and other Sarbanes-Oxley-inspired processes and technologies sooner rather than later in planning decisions, companies will be both more efficient and effective, he says.

"Five years from now," Hill predicts, "people will look back at their compliance initiatives as a catalyst for business improvement."

Continue to the sidebars: Add It Up: Compliance Doesn't Come Cheap