Wednesday, November 09, 2005
Double Dipping on SOX: Some companies are leveraging Sarbanes-Oxley investments for business; others are leveraging business investments to comply
Mention the Sarbanes-Oxley Act to a CIO or a corporate executive, and he's likely to roll his eyes or grimace.
That's because most executives view the compliance requirements as a grim burden, like cleaning out a pack rat's basement.
At the end of 2004, American Electric Power Co. (AEP) began using software from Oversight Systems Inc. in Atlanta to help it monitor transactions in its accounts payable group. If a manager authorizes a purchase above his spending limit, the system recognizes it and spits out an exception report, says Mike Sullivan, assistant controller at the Columbus, Ohio-based power company.
Those capabilities have helped AEP comply with Section 404 requirements. But the company has also been able to use the software to determine whether any of its IT staffers or other workers have tried to modify software fields in other transaction systems for fraudulent purposes, says Sullivan.
The company plans to extend the use of the software to its accounts receivable department by year's end. "We should see some operational savings once we go through another [Section 404] cycle," Sullivan says, because AEP will be able to cut back on some of its internal controls testing.
posted by Brian Moran @ 8:55 AM