IBM Business Consulting Services. Sarbanes-Oxley: A call to action. deeper. Executive brief


The following article was written for and published in The Utilities Project: Volume 4 - Positioning for Growth by Montgomery Research. March, 2004.

Contents
- Sarbanes-Oxley: A call to action
- A SOX action plan
- Some good news
- About the author
- About IBM Business Consulting Services

Sarbanes-Oxley: A call to action

The Sarbanes-Oxley Act goes beyond financial statements to require a sound methodology, including implementation management, determination of technological requirements, and compliance monitoring.

If you work for a publicly traded U.S. company, chances are you're pretty familiar with the Sarbanes-Oxley Act (SOX). As a result of SOX, CEOs and CFOs have, for the first time, personally asserted to the validity of financial statements, exposing themselves to criminal prosecution. This was a landmark event, refocusing the executives on "minding the mint" and raising the accounting visibility across organizations.

What you may just be realizing is that confirming financial statements was merely the first step in a series of evolutionary guidelines the act comprises. What was once viewed as an accounting-only law is now being driven to all parts of the organization. CIOs are increasingly involved as financial data guidelines are escalating in importance and solutions are sought to support auditable processes.

To determine your SOX readiness, consider these questions from the CEO/CFO perspective:
- Would I be willing to put my neck on the line that all of the material accounts and transactions are documented accurately and completely?
- Am I confident that all material accounts and operations have adequate and tested internal controls? Would a review of these tests satisfy an auditor?
- Do I believe a consistent rigor is applied across the enterprise to enforce internal controls and assure adequacy for material operations?
- Can I be sure that documents required to support legal inquiries are retained as needed to meet regulatory requirements?

If you answered "no" to any of these questions, chances are you'll need to pull up your SOX.

Although the act has a number of sections, we believe that those with the most near-term impact are shown in Figure 1.

Figure 1. Sarbanes-Oxley sections with near-term impact.

Section 302
Description: CEO and CFO must personally certify to the accuracy of financial statements and the efficacy of internal disclosure controls. Completed!
Impacts to you: The CEO/CFO requires continued visibility and confidence surrounding financial data accuracy and completeness. Processes must provide visibility to material accounts and transactions to support assertions.

Section 404
Description: Requires annual report by management on internal controls attested by external audit firms. To be implemented in 2004, companies must document and test controls three months in advance of the fiscal year end. For example, for a Dec. 31, 2004 fiscal year end, controls must be documented and tested by Sept. 30, 2004.
Impacts to you: Materiality, risks, and internal control procedures must be documented and tested. Any weaknesses identified (if material) must be mitigated. The procedures, tests, and mitigating controls must be in an auditable format. Management (CEO/CFO) must attest, at risk of criminal penalty, to the effectiveness of the controls. Key points: a consistent, top-down rigor must be applied to defining procedures and test steps. Documentation must be centrally controlled (on an automated system if at all possible) and test results must provide management-level visibility to weaknesses.

Section 802
Description: Criminal penalties for failure to comply with record retention policies, including assurance of no destruction, alteration, or falsification of records.
Impacts to you: Section 802 raises issues for both business and technical groups. From a business perspective, we need to determine what to retain, how long to keep it, and a final disposition. On the technical side, companies are challenged to provide content management type capabilities for the variety of documents and formats. For example, spreadsheet-based support for revenue calculations, portable document format (.pdf) reports generated from ERP applications, e-mails, etc., may all qualify for retention to support at the income statement revenue caption. Companies will need to drive retention policies top-down to retain what is needed. Another component of 802 is that companies should establish emergency policies for retention in the event of legal inquiry.

Section 409
Description: This requirement is still evolving, but the SEC is considering rules providing for real-time disclosure of material events. New accelerated filing rules will go into effect over time: 10Qs, 35 days; 10Ks, 60 days.
Impacts to you: This increases the pressure on financial reporting in all areas. The need to expedite the close process will likely drive significant transformation in the financial group. Processes must be streamlined and inefficiencies driven out. Technologies surrounding ERPs (extension of capabilities, or driving more from the technology in-house) will be required to deliver results. Data and transaction reliability must be baked into finance functions since correction cycles will be significantly reduced. Data warehouses and content management systems will increase in importance to provide availability of financial support data and to provide a quick and reliable repository for data supporting financial statements.

Source: IBM Business Consulting Services, 2003.

A SOX action plan

Obviously, these SOX requirements will have a pervasive impact on your organization. No surprise here, because the goal of SOX is to reach across the organization, creating a pervasively ethical corporate environment and appropriate business behaviors. Given this broad goal, what can be done to make this a reality?

Since the assertions required are at the executive level, a top-down approach offers the greatest promise that the executive will be satisfied with the methodology and assertions that they must make on behalf of controls. To align with executive needs, this top-down approach is best driven by a representative from the CFO's office or another senior resource charged specifically as a SOX program compliance officer (see Figure 2).

Planning

Planning is critical given the regulatory guidelines and time frames involved. Assigning a goal-oriented compliance program manager helps drive compliance activities within the organization. Frequently, outside support will be required to help the program manager get up to speed and develop the materials to communicate and train the staff. Since there are inherent conflicts between the external auditor used by the firm and the SOX compliance process, companies typically engage consulting firms with strong change management practices to drive the change. In cases where particular issues of the Financial Accounting Standards Board or generally accepted accounting principles apply, other audit firms also are frequently engaged to provide deep technical expertise.

Figure 2. Compliance process undertaken by program manager. (Figure labels: Monitor, Establish accountability, Define controls, Test, Document.) Source: IBM Business Consulting Services, 2003.

Technology

A number of vendor software solutions exist to support a centralized compliance capability. Most solutions focus on a component of compliance (e.g., 404 or 802). However, a few bridge the gap. Some solutions have the added feature of predefined control templates that help to expedite documenting controls and increase overall SOX efficiency. However, it's important to note that software alone isn't the answer. With culture change and creation of a pervasively ethical business environment as a goal, the project must be managed top-down to drive change in the organization.

Some good news

The vision and direction provided by SOX provides the promise of simplified accounting processes, enhanced technical capabilities, and ultimately increased investor confidence in the coming years. Companies, now recognizing the SOX work in front of them, are using it to drive process and organizational changes, breaking through entrenched resistance and looking for opportunities to recast the financial reporting landscape. In fact, over the next few years, a significant portion of financial systems investments will be driven solely by SOX compliance needs.

SOX is looming as a major "to do" for 2004. Many companies, still in the (404, 802) awareness stage, are unclear on the full scope of actions required. Given the possibility of civil and criminal charges, as well as the almost certain impact to share values if initiatives fall short, it's clearly time to get the compliance house in order. Key actions include:
- Defining a compliance program management role
- Creating a SOX plan to meet requirement deadlines
- Determining what technologies will be employed to document and report activities
- Working top-down to define controls and objectives
- Monitoring compliance testing to verify the program is on track.

A critical point is that SOX is pervasive; it changes the way business is conducted. As a result, SOX requires a hands-on effort and senior management commitment. Chances are that there is still time to comply with requirements, but the clock is ticking. For section 404 in particular, compliance can be no later than the end of the third quarter of 2004, and it could be much earlier depending upon your fiscal year.

How do you get started? Take the initial step to get a compliance office up and running and identify your SOX reporting milestones. Hitting these milestones is critical. Remember, with SOX, there are no second chances.

About the author

Richard Lulie is an Associate Partner at IBM specializing in financial solutions and Sarbanes-Oxley compliance for the Communications and Utilities sectors. Mr. Lulie is a CPA with over 20 years of experience including audit, business transformation, and financial software implementation. He can be reached at richard.lulie@us.ibm.com.

About IBM Business Consulting Services

With consultants and professional staff in more than 160 countries globally, IBM Business Consulting Services is the world's largest consulting services organization. IBM Business Consulting Services provides clients with business process and industry expertise, a deep understanding of technology solutions that address specific industry issues, and the ability to design, build and run those solutions in a way that delivers bottom-line business value.

Copyright IBM Corporation 2004 IBM Global Services Route 100 Somers, NY 10589 U.S.A. Produced in the United States of America 05-04 All Rights Reserved IBM and the IBM logo are registered trademarks of International Business Machines Corporation in the United States, other countries, or both. Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products and services do not imply that IBM intends to make them available in all countries in which IBM operates. G510-3622-00