Caught in the act

by Barb Swartz

You can navigate the rules of the Sarbanes-Oxley Act of 2002.
One year has passed since the Sarbanes-Oxley Act of 2002 was enacted to restore investor confidence in corporate America through the reinforcement of corporate financial accountability. Today, businesses are still trying to determine how they will meet the standards set forth by this act and the resulting rules that have been issued by the Securities and Exchange Commission (SEC).

Regardless of what a company’s core competence is, Sarbanes-Oxley has put the finance function under a microscope. An SEC inquiry can be devastating to the company’s valuation and corporate reputation. As a result, it is no longer enough to use “standard operating procedures.” According to Aberdeen Group, “Sarbanes-Oxley now requires corporations to report on their business at a new level of depth and with a higher degree of clarity … In short, boilerplate financial reporting is no longer adequate.”¹

What’s more, the act applies to all companies publicly traded on a United States national exchange, as well as any company that has registered to become traded on one of these exchanges. This could include companies that are actually incorporated outside of the United States and listed on both a non-U.S. and an U.S. exchange.

In addition, there are provisions that apply to both private and public companies. One such provision is the whistleblower protection for employees. Because of the scrutiny given to good corporate governance practices at all companies, be they private or public, stakeholders such as venture capital investors, lenders, equity interest holders and insurers are focusing greater attention on compliance. Thus, privately held companies that borrow money from banks or have insurance policies protecting directors and officers are indirectly affected. As noted by META Group, the Sarbanes-Oxley Act “should be on the agenda of every publicly traded company as well as any firm that plans to go public.”²

Raising the bar
Essentially, the Sarbanes-Oxley Act redesigns the federal regulation of public companies’ corporate governance and reporting obligations; tightens accountability standards for directors and officers, auditors, securities analysts and legal counsel; and specifies particular securities violations as crimes. It is composed of eleven titles with more than 1,100 sections. There are four key areas that present the greatest impact and challenge to finance and associated support areas. (Click here to see figure 1.)

Companies have quickly learned that changing accounting processes alone will not address these areas sufficiently. The technology and systems to support finance’s efforts also need to be examined, and that is what companies are doing today. In a recent survey conducted by META Group, more than 75% of the respondents were researching, evaluating or implementing projects to address Sarbanes-Oxley. ³(Click here to see figure 2.)

Enterprises are turning to technology to make their financial information readily available, auditable and analyzable. If you are launching IT projects in response to the Sarbanes-Oxley, be sure they meet the following requirements:

• All summary and detailed financial data resides in a single repository (single book of record).
• The system supports the approval and results certification process.
• Accounting close and reporting can be completed quickly and accurately.
• The system provides visibility of the internal controls at all consolidated and/or reporting levels.
• The project uses a dashboard/KPI environment for visibility of close and reporting.
• The workflow process is automated.
• The system provides visibility and awareness of in-period and closing adjustments.
• The audit trail is visible and can easily be tracked.
• The system can handle structured and unstructured data.

Meeting expectations
Companies need to determine the appropriate technology and environment that best meets their particular needs while keeping in mind the Sarbanes-Oxley regulations finalized by the SEC and those that will be refined in the future. So where do companies begin? There are many vendors and consultants with various products and services that can help companies comply with the act. The offers can be grouped into three areas: enterprise resource planning (ERP) solutions, business intelligence (BI) offers and other unstructured processes or niche solutions.

ERP solutions have given many companies great returns and improved efficiencies with their core accounting processes. Key players in this market space are PeopleSoft, Oracle Financials and SAP. The modules contained in these solutions were designed for processing the flow of business transactions through a company’s value chain. These solutions meet various financial transactional needs, including accounts receivable and payable processing, general ledger and closing of the books. As a single database, there are standard processes by which data can be entered, and there are standard checks and balances that may be required before the transaction is deemed valid. ERP modules can be instrumental in driving business process consistency; however, reporting and analysis capabilities and flexibility are limited.

BI or OLAP (on-line analytical processing) vendors have developed various solutions to address the requirements of Sarbanes-Oxley. Offerings from Business Objects, Cognos, Hyperion and MicroStrategy focus on providing a flexible analytic platform where users can create queries, views and reports to enable financial transparency and visibility into a company’s results. BI vendors do this very effectively, but they do not stand alone. Access to an integrated, cleansed source of detailed financial data makes these solutions attractive.

Unstructured data analysis and content processes are also useful. Since the signing of Sarbanes-Oxley in 2002, there have been a host of companies (both new and established) that have created “Sarbanes-Oxley compliance management” products. These emerging products have been primarily focused on Section 404, which is the documentation of procedures and policies. This section is still being interpreted, which is part of the reason for the push back of the compliance deadline. Further complicating matters, the process of strengthening internal controls touches many finance and business processes along with systems. Some of these existing and emerging companies are ACL Services, CommercQuest, DecisionPoint, Documentum, Nextane, OpenPages, Softrax and Stellant.

Understanding the hype
What is the answer for Sarbanes-Oxley compliance? Industry experts agree that there is no single technology solution that will place a company in compliance. Solutions vary depending on a company’s existing environment and business needs. And even though Sarbanes-Oxley is the largest single act to impact a company’s finance organization since the SEC Act of 1934, it is not the only focus of the CFO. In fact, according to a recent Forrester Research survey, only 20% of the finance executives surveyed cited “complying with regulations” as their biggest challenge⁴. They need to continuously focus on important business issues such as maintaining shareholder value, improving corporate performance and reporting accurate financial results.

For a CFO to meet business needs while complying with Sarbanes-Oxley and other regulations, he or she should strive to create a world-class finance operation. Hackett Group, which provides unbiased, empirically driven guidance on best practice-based improvements for the Fortune 2000, recommends that data warehousing be part of a company’s technology investments. Top-performing organizations rely on data warehousing not only to help with compliance, but also to gain a competitive edge. The data warehouse enables companies to integrate all of their summary and detailed financial data from all of the systems throughout the accounting process, not just the general ledger.

With a financial data warehouse, businesses can react in near real time to everyday opportunities and threats. For example, how quickly could your company assess the impact of one of your large customers declaring bankruptcy? And is this event of enough significance to be a reporting requirement under section 409 of the Sarbanes-Oxley? Just going to the financial data in the general ledger alone will not give you the information you need; you must assess the specific customer risk that can only be found in detailed forecast revenue flows, inventories, receivables and other related areas.

The data warehouse provides the necessary foundation for finance to operate at top performance. With the data integrated on one platform, nearly any analysis, from summary results to detailed transactions, can be performed seamlessly. It is this analytical platform that supports the necessary compliance areas of Sarbanes-Oxley, including results certification, notification of material changes and events, accelerated reporting, disclosure controls and a host of other issues important to market leaders.

Barb Swartz is Teradata’s Financial Management marketing director. She can be reached via e-mail at barbara.swartz@teradata-ncr.com

1 Sarbanes-Oxley: Tightening the Link between Financial Analytics and the Financial Value Chain, Alex Veytsel, Aberdeen Group, June 19, 2003
2 Jumping on the Sarbanes-Oxley Bandwagon, John VanDecker, July 2, 2003
3 Jumping on the Sarbanes-Oxley Bandwagon, John VanDecker, July 2, 2003
4 Solving Sarbanes-Oxley: The CFO Playbook, Jennifer Chew, Forrester Research, July 2003