Fixing Sarbanes-Oxley - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management

Fixing Sarbanes-Oxley

FRONTlines Forum looks to future of compliance.

VentanaMonitor™

FRONTlines Forum, a conference on corporate governance, compliance, and audit practices, took place in San Francisco during the same week that the SEC’s roundtable discussion on Sarbanes-Oxley Section 404 “lessons learned” was held in Washington. Both produced mixed reviews: most companies that presented do not believe the law has been a total waste of time, but believe there is substantial room for improvement in how the law is implemented. Many companies believe they must find more efficient ways to comply, a point we have been advocating along with leveraging these efforts to enhance the finance organization’s overall effectiveness. Ventana Research believes software plays a critical role in accomplishing this. We also advise IT organizations of US public filers to ensure they are assessed as a source of serious deficiencies, as we believe auditors generally will take a closer look at the IT systems dimensions in the current year.

View
The FRONTlines Forum, a conference on corporate governance, compliance and audit practices sponsored by Certus (a compliance software company), was held in San Francisco on April 21. Like the SEC’s roundtable discussion held in Washington the same week, the Forum was intended to be an assessment of Sarbanes-Oxley Section 404 by in-the-trenches practitioners. As with the SEC’s Roundtable, those speaking at the Forum believe Section 404 has not been a total waste of time. Benefits cited ranged from the high-level “increased shareholder confidence,” to the more tangible: better risk assessment and management, as well as improved finance and IT processes. Some believed (as do we) that it could be used as a catalyst for greater efficiency, transparency and more effective risk control, to name just three benefits. At the same time, deep dissatisfaction was voiced (often with diplomatic subtlety) as to how the audit firms are handling the implementation of the law. There is too much pettifogging on the part of some audit staffs with little recognition of the purpose of the controls. It is clear that investors (whose needs, after all, are supposed to be the whole point of the law) are able to distinguish between material weaknesses that are truly material and those that are not, yet auditors have been treating each the same.

Now that the initial phase of Sarbanes-Oxley 404 has been completed, it is also clear from the discussions at the Forum that companies have much to do the build sustainable and efficient compliance systems. As we have noted in our research through the first phase, most corporations have created far too many low level controls than they should have. Given the tight deadlines and the grave penalties for CFOs who have fallen short, the desire to simply deal with existing processes, rather than risk problems with redesigning them, was perfectly rational. Year two for many companies will focus on simplifying their control structures to emphasize entity-level controls wherever possible. Not only will this require work on the part of the companies to design these new processes and controls, but audit firms must do a better job of training their staffs in assessing control mechanisms. Conversations with senior finance executives over the past several months has revealed their frustration that even when they put efficient, well-designed entity-level controls in place, their auditors did not always understand their validity and insisted on unnecessary, lower level controls.

Those hoping that the law will either go away or be substantially reigned in will be disappointed, in our opinion. However, Ventana Research believes year two of Sarbanes-Oxley will be a critical watershed for companies, audit firms and regulators. Criticism of the law is likely to increase unless auditors and the PCAOB respond to calls for greater specificity where required, and a willingness to defer to good judgment where necessary. Charles Niemeier, a member of the Board of Directors of the PCAOB, spoke many encouraging words. If these intentions translate into concrete actions at the front lines of the audit, we believe the compliance “issues” will be mitigated. It is still too early to assess to what extent this will happen.

Ventana Research believes many companies do not have the luxury of resting on their laurels this year. They will need to continue their Section 404 efforts on two fronts: finance and IT. Companies may think they had rigorous audits this year, but our discussions lead us to conclude that audits will go deeper and, in some cases, wider the second time around. Moreover, we expect IT controls will be tested more rigorously over time.

Assessment
The phrase “sustainable compliance” has become the phrase of choice to describe what US SEC registrants’ ultimate goal is. Ventana Research concurs with this objective. We think companies have multiple options they should consider in their comprehensive assessment of their people, processes and systems. With their first audit behind them, corporations should strive to regain the efficiency they lost complying with Sarbanes-Oxley. Our Audit and Control Study last year showed on average, compliance could consume ten percent of the time of the finance organization. We advise finance executives to consider comprehensive compliance packages (from, for example, Axentis, Certus, Movaris, and Paisley Consulting), and/or leveraging their existing software packages (e.g., content/document management, workflow/process management, enterprise reporting and so forth.) to enhance sustainable efficiency.

Related Research:

Address Compliance Efficiency
Revamping and enhancing systems to overcome regulatory burdens.

Who’s Flunking 404?
Despite major efforts, many companies still have work to do.

Consolidating with Compliance
Driving compliance efficiency in the Sarbanes-Oxley environment.

Sarbanes-Oxley Compliance Automation Mandatory for Larger Companies
Hyperion/Axentis among vendors addressing the process challenges.

Robert Kugel is CFA, VP & Research Director - Financial Performance Management at Ventana Research.

Ventana Research is the preeminent research and advisory services firm helping our clients maximize stakeholder value with Performance Management throughout their organizations. Putting research in a business and IT context we provide insight and education on the best practices, methodologies and technologies that enable our clients to leverage assets to understand, optimize, and align strategies and processes to meet their goals and objectives.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Strategies You Need to Make Digital Transformation Work
Joao-Pierre S. Ruth, Senior Writer,  11/25/2019
Commentary
Enterprise Guide to Data Privacy
Cathleen Gagne, Managing Editor, InformationWeek,  11/22/2019
News
Watch Out: 7 Digital Disruptions for IT Leaders
Jessica Davis, Senior Editor, Enterprise Apps,  11/18/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll