IT must play a vital role in compliance by using technology to gather and share accurate and timely information from across all areas of the organization. It is an effective solution to overall SOX compliancy, and it assures corporations that they are in compliance. There are several systems that accurately collect business information, but business intelligence (BI) is the only one that spreads itself across every facet of the organization.
Organizations that already have an enterprise reporting strategy in place are finding that a majority of the complicated regulations can be met with existing BI tools and systems. From integrating and storing financial data to providing real-time visibility and information in a collaborative environment, BI solutions provide the overall framework to ensure regulatory compliance.
Sarbanes-Oxley
The most important sections of the Sarbanes-Oxley Act regarding compliance are summarized as follows:
Section 302 - Corporate Responsibility for Financial Reports
a) The CEO and CFO must review all financial reports.
b) The financial reports must not contain any misrepresentations.
c) The information within the financial reports must be presented fairly.
d) The CEO and CFO are personally responsible for the internal accounting controls.
e) The CEO and CFO must report any deficiencies in the internal accounting controls and any other fraud involving the management of the audit committee.
f) The CEO and CFO must indicate any material changes in internal accounting controls.
Section 404 - Management Assessment of Internal Controls. Section 404 causes the most concern for organizations, as it states that the company must publish financial information annually and that an independent, registered accounting firm must assess the company and issue a separate report on the effectiveness of its internal controls and processes for financial reporting.
Section 409 - Real Time Issuer Disclosures. Section 409 asserts that the company is required to disclose information regarding material changes in its financial condition or operations on a "rapid and current basis."
Section 802 - Accurate Records. This section states that the company must guarantee authentic, immutable records and retention.
Section 902 - Conspiracies to Commit Fraud. Section 902 points out that it is a crime for any person to change, destroy, damage or conceal any document with the intent to impair its integrity or availability for use in an official proceeding.
Section 906 - Records Compliancy. This section focuses on management's responsibilities again and states that all reports (annual and periodical) containing financial information comply with Sarbanes-Oxley and accurately reflect the company's financial condition.
Sections S-X - Securities Act and Exchange Act. Sections S through X are Securities Act forms and Exchange Act forms that cover plans for purchase/sale, the company's code of ethics, invitations for competitive bids, power of attorney, letters of resignation, etc.
Noncompliance with SOX could result in one or several of the following penalties:
- the organization would not be allowed to trade
- heavy fines for the CEO and/or CFO
- prison sentences for the CEO and/or CFO
- credit downgrades
- loss of investor confidence
Since SOX was initiated, improvements have been seen in corporate governance. Boards are becoming increasingly independent, audit committees are acting with newfound skepticism and autonomy, and CEOs are assuming greater responsibility for their company's financial reporting. However, SOX compliance is not a one-time event; it is an ongoing process that must be constantly monitored and managed. As companies move to instituting ongoing compliance efforts, many are depending on technology to ensure accurate control over their compliance mission.
Compliance Challenges
There are several issues that need to be addressed in order to achieve long-term SOX compliance.
Manual Processes. According to AMR Research ("Business Analytics: Delivering Compliance and Competitive Advantage," Siebel Systems, Inc., February 2005), 65 percent of large organizations are still using manual processes, such as Excel spreadsheets, for vital areas of financial reporting. While manual methods succeeded in achieving short-term compliance, they pose significant long-term risks in several areas, such as cost and security.
Auditing and Reporting Requirements. Compliance requirements are expected to rise significantly in the coming years. For companies still relying on manual or ineffective processes, non-compliance and the resulting penalties listed earlier are a real risk.
Internal Audit Costs. A recent survey conducted by Financial Executives International (FEI) determined that SOX compliance will cost 62 percent more than previously anticipated ("Business Analytics: Delivering Compliance and Competitive Advantage," Siebel Systems, Inc., February 2005). The survey also estimated that, on Section 404 alone, a company with $2.5 billion in revenue will spend approximately US$3.13 million and 25,667 man-hours. In addition, a large part of these costs repeats each year unless a technology infrastructure is put in place that allows compliance efforts to be replicated.
Technology & Compliance
Company executives are now looking to the future where they are required to maintain compliancy. They must provide ongoing updates, meet information requirements for accuracy, timeliness, quality and transparency, and implement ongoing controls. Smart organizations know they should standardize, automate and streamline the monitoring process. How do they do that? They take advantage of business technology and make it work for them.









