
Understanding Between the Lines: Sarbanes-Oxley Act of 2002

by Ronald Lyman
Sarbanes-Oxley Senior Practice Lead
SBI and Company

What is the Sarbanes-Oxley Act of 2002?
On July 30, 2002, President Bush signed into law the Sarbanes-Oxley Act of 2002 (SOX), arguably the most significant legislation affecting the business of public companies since the Securities Exchange Act of 1934. Largely in response to a number of major corporate and accounting scandals, the Act is designed to ensure ethical business practices and bolster investor confidence by specifically mandating a public company's corporate governance requirements, financial reporting transparency and related internal controls.

How does Sarbanes-Oxley Affect Corporations?
As the most significant and comprehensive revision to federal securities law in over 60 years, SOX affects the conduct of business by all public companies and also private companies about to become public companies.

The Act brings a new legal and regulatory focus on internal controls, including the timely ability to access and analyze information with respect to a company’s finances and operations. This requires an organization to have effective and efficient communication about internal controls and enforces better communication between the CEO and finance personnel. 

The Act elevates the importance of the audit and raises the bar on the quality and precision of financial reporting. Public company executives are personally responsible for meeting the new high standards and for the overall financial integrity of their companies.

All levels of employees of public companies are affected by the Act, as they are expected to be aware of their company’s code of ethics and be able to identify fraudulent behaviors and actions within the corporation.

What does Sarbanes-Oxley contain?
The Sarbanes-Oxley Act is organized into eleven titles under which there are 66 sections. These sections include topics ranging from the establishment of a public company accounting oversight board (PCAOB) and external auditor for internal financial and operational controls (independent of corporate management responsibility certification), to safeguarding corporate assets. The Act contains substantial criminal penalties and fines for violations. Unfortunately, there also exists a good deal of redundancy within these 66 sections that has caused some confusion.

What Controls must be Certified?
Generally, the Act requires executives to certify that the financial reporting of operations and cash flow represents a “fair presentation” of a company’s financial condition. It is believed that companies already have (or should have) in place effectively designed controls over financial reporting data.

The SEC intends for companies to ensure they also have in place controls related to non-financial reporting data that are comparable to those which already exist for financial reporting. For example, poor controls around the business processes associated with contracting can directly affect the company’s financial reporting. Contracts sold and approved without proper controls can result in booked revenue for products or services that cannot be delivered to the customer (often only determined after a period of time has passed). This could result in restatements of revenue in the company’s financial statements.

IT Problem or Opportunity?
The challenge for corporations lies in their ability to implement, document, and monitor controls and processes throughout multiple corporate locations and reconcile a variety of systems and processes across the enterprise. A number of recent industry publications have questioned whether this is really a problem for the IT organization or an opportunity in disguise. Many IT departments, already overburdened with keeping the lights on in spite of layoffs, look at the new standards as an additional burden. Computerworld, however, recently editorialized that it could, in fact, make a hero out of the CIO and IT organization. They, and the other publications, have encouraged the IT organization to "take advantage" of this opportunity to remediate long-standing "thorns" that have persisted over the years.

Use the Opportunity to your Advantage
Remediating controls, digital asset management, and workflow problems can result in:

  • Improved IT performance for your business users
  • Improved accuracy of results
  • Improved morale among the organization’s staff: more time creating and less time fixing.

It is recommended that the IT organization first start by creating a Sarbanes-Oxley Program Management Office (PMO) to conduct an assessment and prioritize initiatives according to criticality and where you’ll get the most payback with the least effort (Quick Hits). It’s important that business functions be reviewed from an overall, integrated standpoint. In other words, the “dots” must be “connected” to have a hope of complying with SOX. 

Where to Begin?
As stated earlier, we recommend focusing on core and business-critical functionality in the beginning, in a phased, step-by-step manner. Trying to “solve world hunger” will result in continued analysis, little remediation and frustration, not to mention the cost. We feel the best results come from a phase that completes analysis through remediation of an identified area in three to four months with a team of both IT engineers and business process engineers. This also allows the PMO to continue the assessment of additional business areas while managing the results of the small remediation teams.

For the Executive

  • SOX compliance begins with having access to the right data at the right time.
  • SOX compliance can be a catalyst for business process improvement.
  • Implementing an executive dashboard can not only improve financial decision support but also keep your pulse on critical compliance data.

For the Technology Owner

The issues with managing better controls for SOX compliance are similar to those of data management. Issues such as:

  • Missing or erroneous controls in applications or business processes
  • Document management and workflow
  • Archiving procedures

These result in continual demand on critical (and already overburdened) IT resources.

Start by solving these problems and SOX compliance will fall into place.


Datatrend's TrendSetter eNewsletter
January 15, 2004