Thursday, July 28, 2005
Refreshing Financial Reporting and Consolidation
Our Financial Reporting and Consolidation Study found the investments companies have made over the past decade in business intelligence and reporting software have gone a long way to addressing the financial and managerial reporting requirements of the 1990s.
However, much is left to be done to make them responsive to 21st century needs. We conclude Global 2000 organizations must do far more to help manage performance across the enterprise, providing employees with a more comprehensive view of external world (e.g., competitors’ performance, market conditions) as well as more leading indicators to enable more forward-looking management.
posted by Brian Moran @ 8:55 AM
Wednesday, July 27, 2005
Three Years Later, A Look At Sarbanes-Oxley
The third anniversary of the Sarbanes-Oxley Act, or SOX, is a good time to take stock of the impact of the law on American business. While the spirit of data-driven regulations like SOX were created with the best of intentions, they have had a tremendously burdensome impact on U.S. enterprises because they have imposed requirements that are complex, costly, confusing and often contradictory.
And SOX is not the only Act companies have to address. There are separate data regulations created under the Health Insurance Portability and Accountability Act, Securities and Exchange Commission 4, Department of Defense, Check 21—and the many other laws and regulatory vehicles that have sprung up like kudzu in recent years.
posted by Brian Moran @ 2:30 PM
Sarbanes-Oxley Turns 3, But It's a Costly Birthday for Business
Unfortunately, if we learned any lessons from the Y2K fiasco, Congress forgot it quickly. Less than two years later, in response to corporate scandal hysteria in Year 2002, Congress enacted Section 404 of the Sarbanes-Oxley Act, which again required disclosures about internal systems designed to counter phantom problems.
Section 404 does have brevity on its side. Of course, if you know as little about business as Congress does, brevity may be a necessity.
Just like Y2K, many people are ready and willing to help companies comply with this open-ended requirement ... for large fees, of course.
Here’s a riddle for you.
What do you get when you close down one of the Big 6 Accounting Firms, threaten accounting partners and CEOs with jail time and enact corporate accounting reforms?
Answer: Paranoid, but rich accountants.
posted by Brian Moran @ 9:06 AM
Tuesday, July 26, 2005
SOX 404 Deficiencies Preceded By "Effective" 302 Reports
The fact that hundreds of companies came clean about potential internal control problems as the Sarbanes-Oxley Section 404 deadline approached isn’t terribly surprising. What is surprising, says one researcher who recently analyzed the disclosures, is that most of those companies had said not too long before that their internal controls were effective.
Among 366 companies that received a qualified opinion on the effectiveness of internal controls through May 2, 2005, 94 percent had previously certified their controls as effective as recently as the quarterly filing previous to the SOX 404 annual report. According to a report by proxy research firm Glass, Lewis & Co., the data suggest that the certifying officers of the companies “were using a rubber stamp to certify the effectiveness of internal controls prior to SOX 404.”
posted by Brian Moran @ 8:27 AM
Monday, July 25, 2005
Levitt: Push for Sarb-Ox Reforms Is 'Shortsighted'
When Congress moved to craft the Sarbanes-Oxley Act of 2002, legislators assembled the bill "in record time," said Arthur Levitt, former chairman of the U.S. Securities and Exchange Commission. However, he said, the authors did little to work with company executives to determine the demands the law would place on businesses.
Still, business leaders who are pushing hard for major reforms to ease Sarbanes-Oxley prerequisites because of the high costs of compliance "are being shortsighted," said Levitt. The mandates for public companies to document financial controls "have been well worth the costs" for investors, he said.
"If you have any doubts, ask those thoughtful shareholders for any of those 586 companies that reported material weaknesses [with their internal controls] during the first four months of the year," said Levitt, now a senior adviser at The Carlyle Group in Washington.
posted by Brian Moran @ 1:27 PM
Thursday, July 21, 2005
Sarbanes-Oxley Driving Growth of Shared Services Organizations (SSO)
More companies are interested in establishing shared services organizations (SSO) to help meet the time- consuming and expensive tasks associated with compliance requirements of the Sarbanes-Oxley Act. In fact, companies that have shared services organizations say their compliance efforts were made easier and cheaper, according to a new global survey conducted by Deloitte Consulting LLP.
Eight of 10 companies among 115 global organizations surveyed by Deloitte Consulting reported SSOs made compliance easier, and nearly half said SSOs helped to reduce the cost of compliance. Shared service organizations are internal businesses created by companies to handle non-essential work of a company's business units or divisions, such as general accounting or benefits administration. The SSO provides services to each business unit, usually on a charge-back basis.
"Clearly, Sarbanes-Oxley is the primary external driver behind the surging interest in shared services organizations we have experienced recently from clients and potential clients," explains Susan Hogan, a Deloitte Consulting principal and leader of the shared services practice. "But, we've also noticed a shift in which corporations are moving from holding companies to integrated organizations, and Wall Street analysts are looking for these types of efficiencies."
posted by Brian Moran @ 8:41 AM
Wednesday, July 20, 2005
Former SEC head says Sarb-Ox to be 'fine-tuned'
When Congress crafted the Sarbanes-Oxley Act of 2002, legislators assembled the bill "in record time" and did little to work with corporate executives to determine the demands the compliance requirements would place on businesses, said Arthur Levitt, former chairman of the U.S. Securities and Exchange Commission.
Still, members of the business community who are now pushing hard for major reforms to Sarbanes-Oxley because of the high costs of compliance "are being shortsighted," since the mandate for public companies to document their financial controls have "been well worth the costs" for investors, said Levitt.
"If you have any doubts about this, ask those thoughtful shareholders for any of those 586 companies that reported material weaknesses [with their internal controls] during the first four months of the year," said Levitt. He served as a panelist at a regulatory compliance conference held in Washington today.
posted by Brian Moran @ 9:01 AM
Tuesday, July 19, 2005
Know your risks
Speed is vital to assess and manage swiftly changing risks and meet regulatory demands. A matrix-based approach can offer a faster route than traditional, bottom-up methods
IT risk management is no longer an optional extra for business. Unforgiving new regulations, including Sarbanes-Oxley and Basel 2, demand that responsible corporate governance be built on effective controls - and risk assessment is fundamental to controls assurance.
This raises a dilemma for chief information officers. Until now almost all IT risk management methodologies, such as Cram, Sprint and Octave, have been highly structured and even the light versions are extremely complex and time consuming.
Rather than providing prompt answers to critical business security questions, they are geared towards ongoing assessment and management of broad-spectrum business risks.
However, there is an alternative approach that organisations are beginning to adopt. In today's tough operational environment, CIOs must identify their principal security risks quickly and unequivocally if they are to prioritise countermeasures and direct them where they are needed most. Formal regulatory compliance is one driver, but so too is the need to protect against potentially crippling value destruction by loss of reputation, damage to the brand or legal implications of failing to meet standards.
posted by Brian Moran @ 10:54 AM
Monday, July 18, 2005
Material-Weakness Reports Skyrocket
A total of 586 companies reported material weaknesses through early May of this year, compared with 313 for all of 2004, according to shareholder-advisory firm Glass, Lewis & Co.
The new analysis by the independent research firm is another confirmation that audit firms have increased their scrutiny of clients to ensure compliance with Section 404 of the Sarbanes-Oxley Act. Section 404, which requires an independent auditor to attest to a company's internal controls, became effective for many public companies beginning with their first fiscal year ending after November 15, 2004.
Glass, Lewis also found that clients of Big Four firms PricewaterhouseCoopers, Ernst & Young, KPMG, and Deloitte & Touche, as well as Grant Thornton and BDO Seidman, all have disclosed material weaknesses more frequently this year than last. Deloitte & Touche had the largest yearly difference; last year, only 2 percent of its clients made such a disclosure, compared with 6.5 percent through early May of this year.
Those results prompted Glass, Lewis to question how vigorously accounting firms required clients to disclose weaknesses in the past. "We think it's fair to say that most of the weaknesses disclosed in 2005 did not develop overnight, especially those related to a company's overall control environment," the report noted. Before Section 404 became effective, companies were required to disclose deficiencies only in the case of an auditor's termination, Glass, Lewis added.
posted by Brian Moran @ 9:38 AM
Friday, July 15, 2005
Sarbanes-Oxley law goes too far, admits its author
One of the architects of the controversial US Sarbanes-Oxley legislation admitted on Thursday that some of the reforms were "excessive" and could have been introduced more "responsibly".
Congressman Michael Oxley told a London conference that the legislation "was not a perfect document" because it had been rushed through in the "hothouse atmosphere" following the collapse of WorldCom.
However, he defended the right of federal lawmakers to push through investor-friendly reforms, deflecting accusations made this week that Congress was usurping the role of individual states to draw up corporation laws.
The Sarbanes-Oxley legislation, based on bills introduced by Mr Oxley and Senator Paul Sarbanes in 2002, sought to clean up corporate America following the spectacular financial scandals that engulfed Enron and WorldCom and which cost investors billions of dollars.
Mr Oxley, an Ohio Republican, is chairman of the influential House financial services committee, which oversees the financial services industry, together with the US Treasury, Federal Reserve and regulators. Mr Sarbanes is a Maryland Democrat.
Sarbanes-Oxley requirements, such as the need for companies to test their internal financial controls against fraud, have angered members of the US business lobby, who claim it has led to big rises in compliance costs.
posted by Brian Moran @ 10:37 AM
Wednesday, July 06, 2005
bad day for the prosecution
The jury trying Richard Scrushy in connection with financial fraud has found the former HealthSouth boss not guilty. The verdict surprised many observers but can be explained by both the quality of the evidence against him and the way in which the trial was conducted. There are lessons for those who are yet to take part in corporate-fraud trials, including Enron’s former bosses and their prosecutors.
“GOD is good” was Richard Scrushy’s initial reaction to the verdict, on Tuesday June 28th, that he was not guilty on 36 charges related to accounting fraud at HealthSouth, a hospital chain he used to run. Prosecutors, on the other hand, were dumbfounded that their case had failed. It was widely regarded as the most solid in a recent slew of fraud trials against top American executives. Moreover, prosecutors in a similar trial, that of Bernie Ebbers, had successfully secured a conviction against the former WorldCom boss in March—and are now pressing the judge to hand down the maximum jail term of 85 years when she sentences Mr Ebbers on July 13th.
Mr Scrushy’s acquittal is the biggest setback so far for those seeking to punish former corporate chieftains for accounting misdeeds that undermined confidence in American business after the bursting of the stockmarket bubble in 2000-01. It is especially embarrassing for prosecutors because it was the first big case to be brought under the provisions of the Sarbanes-Oxley act, which had been rushed through Congress in 2002 in an effort to overhaul corporate governance.
posted by Brian Moran @ 10:06 AM
Tuesday, July 05, 2005
Jury still out on "I didn't know" defense
Perhaps the biggest surprise in Richard Scrushy's acquittal last week in the $2.7 billion accounting fraud at HealthSouth was that the jury believed his "I didn't know even though I was the CEO" defense.
Just months ago, it seemed executives could no longer plead ignorance and get away with it, a view that came after former WorldCom Chief Executive Bernard Ebbers tried that tactic but was still convicted of being part of a conspiracy that cooked his company's books.
Scrushy's verdict seems to reopen the possibility that executives can argue they didn't know about massive wrongdoing even though they were at the helm. That's something the public may find hard to believe, but at least in this case, the jury accepted it.
The profiles of Ebbers and Scrushy are remarkably similar. They have humble roots, became corporate superstars, then had their reputations tarnished by allegations of financial fraud at the companies they built.
posted by Brian Moran @ 8:26 AM
Friday, July 01, 2005
How To Dig Out From Under Sarbanes-Oxley
The dirty little secret of the first Sarbanes-Oxley audit is that no one really knew what they were doing. Not the auditors, not the consultants, not you.
For Al Schmidt, vice president of IT for Arch Chemicals, that became painfully obvious during a September 2004 meeting in which his internal auditor, PricewaterhouseCoopers (PWC), and his external auditor, KPMG, discussed...auditing standards. (Sarbanes-Oxley mandates that companies have different internal and external auditors to avoid Enron-like conflicts of interest.)
As Arch employees and about five auditors from each firm sat silently, the lead partners of the two firms went back and forth for about 20 minutes, debating the different methodologies that each was using for the Sarbanes-Oxley 404 review of the $1.2 billion specialty chemical manufacturer's internal controls. ››
"Let's just say it was a learned discussion between two parties," Schmidt says.
posted by Brian Moran @ 1:55 PM