SmartAdvice: Sarbanes-Oxley Compliance Is Ongoing, So Prepare For Now And In Future - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Information Management
10:28 AM

SmartAdvice: Sarbanes-Oxley Compliance Is Ongoing, So Prepare For Now And In Future

Getting ready for Sarbanes-Oxley will test whether your company can meet the act's compliance guidelines for financial and IT controls, The Advisory Council says. Also, look for a general collaboration app when you decide to implement supply-chain forecasts; and use dashboard tools to manage outsourcing contracts for more control and greater ROI.

Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers three questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to [email protected]

Question A: What can we do to prepare for the upcoming Sarbanes-Oxley compliance deadlines?

Our advice: Just as IT departments spent much of 1999 bracing and preparing for Y2K, so, too, must they now prepare for the upcoming Sarbanes-Oxley deadlines. However, unlike the one-time Y2K occurrence, Sarbanes-Oxley compliance will be an ongoing, everlasting phenomenon companies will have to incorporate into their IT systems and processes, and therefore preparations for Sarbanes-Oxley will have both short-term and long-term components.

Section 404 of the Sarbanes-Oxley Act requires companies with market capitalization of $75 million or more to attest to the effectiveness of their IT and financial controls when they file their 10-K reports for fiscal years that end after Nov. 15, 2004. The 10-K is the annual report that provides a comprehensive overview of the business; it must be filed within 90 days of the end of the company's fiscal year. (Contrary to recent rumors, the SEC will not be extending the deadline for Section 404 compliance.)

Related Links

Summary of Sarbanes-Oxley Act of 2002

Sarbanes-Oxley Rulemaking and Reports

The Sarbanes-Oxley Guide for Finance and Information Technology Professionals

In preparation for the Sarbanes-Oxley deadlines, IT departments are "freezing" systems. In effect, this means that any noncritical patches, upgrades, and installations, especially those that are likely to affect core business areas such as finance, accounting, manufacturing, distribution, and HR (for example, ERP systems), are being postponed until after the initial deadline. However, if any work still remains to meet Sarbanes-Oxley compliance requirements, that work must now take on a high priority in implementation and deployment plans.

For companies that haven't already done so, now is time for their finance and IT departments to work closely with auditors to verify their compliance with and controls relating to Sarbanes-Oxley. These include, but aren't limited to, documentation and processes around general ledger, accounts payable, accounts receivable, order-to-cash, procure-to-pay, real-time reporting, full disclosure, and risk management. Since definitions and specifics around these vary by company and industry, it's critical that internal finance and IT departments, and the corresponding business and technology auditors, agree on their interpretations of these concepts.

Ultimately, the purpose of IT is to support the business. This applies to Sarbanes-Oxley compliance as well. Especially as the compliance deadlines draw near, it's critical that IT support the finance function in any way it can. This includes ensuring the validity of the controls that have been put in place, verifying the ability of real-time disclosure through workflow, and timely filing of 10-K's. In addition, as the auditors make recommendations of what needs to be incorporated into the systems to meet Section 404 requirements, IT must respond in a timely manner. While this may require long hours and personal sacrifices in the short term, these relationships, and the resulting robust IT systems, will pay dividends in how these various teams (finance, IT, and auditors) work together in the future.

Finally, even though the road to compliance feels long and difficult, you don't have to do it alone. With scores of companies preparing for Sarbanes-Oxley deadlines, you're sure to find others, some in your own industry, with whom you can exchange ideas, share thoughts, discuss challenges and find solutions to your Sarbanes-Oxley woes. Join such discussion groups as the Sarbanes-Oxley Yahoo Group to network with peers and to explore resources that will assist you with your compliance efforts.

-- Sanjay Anand

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 3
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Remote Work Tops SF, NYC for Most High-Paying Job Openings
Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Flash Poll