Monday, November 07, 2005
The Process Improvement Payoff
Capabilities developed from Sarbanes-Oxley compliance activities can be applied to processes as narrow as A/P or as wide as governance best practices.
Last year, American Electric Power discovered just how closely connected compliance work and process improvements can be. As the compliance team at the giant Columbus, Ohio-based power generator and distributor worked to fulfill the requirements of Sections 302 and 404 of the Sarbanes-Oxley Act, the finance department noticed an opportunity. The organization's growing focus on internal controls and financial processes afforded the chance to prune the number of duplicate and erroneous payments that typically occurred during the A/P process.
The finance function shopped for an A/P monitoring tool and settled on an application from Oversight Systems that automatically detects irregular payments to suppliers. The software was installed as the company's first-year Section 404 work neared a close at the end of 2004. By the middle of this year, the tool had already helped American Electric Power reduce its A/P costs by 75 percent.
Transforming Transactional Processes
Ask American Electric Power and other accelerated filers flush with similar success whether Sarbanes-Oxley compliance provides opportunities to deliver process improvements, and they'll answer yes. This question is becoming pivotal as public companies start to strengthen their ongoing Sarbanes-Oxley capabilities and apply them to other financial and operational areas in the process.
Mark Schmeling, CFO advisory services practice leader for Archstone Consulting LLC in Chicago, says that the tactical aspects of Sarbanes-Oxley compliance consumed much of the finance function's attention during Year One. "Most process-improvement-oriented efforts were deferred until the organization was able to complete the initial SOX compliance," he explains. "Now that the first year is behind most public companies, the finance leadership is beginning to focus on driving improvement within the finance organization."
American Electric Power's successful adoption of a monitoring tool to transition one of finance's prime candidates for process improvement is a case in point. "We monitor our A/P process on much more of a real-time basis [than before]," says Mike Sullivan, director of accounting services. "The tool identifies transactions that don't look right and then corrects or cancels [them]. Previously, our internal controls around payables were not as timely or rigorous. Plus, we're identifying a larger population of transactions that are exceptions. By addressing them on a daily basis, we can prevent most of the losses we previously incurred."
Sullivan expects to apply the tool to his company's accounts receivable process in the near future.
Streamlining Testing and Documentation
The byproducts of American Electric Power's overhaul of its A/P process extend far beyond immediate transactional cost savings, according to Sullivan. "By using the Oversight [Systems] tool to monitor our compliance with business rules, we will be able to significantly reduce the transaction testing we're doing and some of our [internal controls] documentation," he reports. "We can now document within a database that the rule and checking of the rule was completed. If there was a failure to follow the rule, it is documented as an exception, and then we document the review and the resolution in the database as well."
Sullivan would like to give the company's internal and external auditors access to the database to reduce the amount of Section 404-related evaluation both groups need to conduct in the future and possibly to lower audit costs. He appreciates how the automated monitoring of just one key financial process -- A/P in his company's case -- can greatly reduce the large amounts of paperwork that the new law requires. He also recognizes that auditors, particularly external auditors, may take some time getting used to the process of evaluating databases.
"It's a pretty new concept, and they seem to be receptive to the idea," Sullivan says of external auditors, who have long relied on hard-copy sign-offs and work papers. "But in practice, they're not yet as comfortable looking into the database to see that all of that same information exists. It's difficult for the auditor to say, 'My evidence of the audit is that I reviewed the client's database, and the database is working as intended and contains all the information they say it contains.' "
Auditors' discomfort with database sign-offs may disappear as continuous monitoring of financial processes and compliance processes become more common. Sullivan is encouraging his auditors to take advantage of his function's process improvements.
Improving Overall Compliance and Governance
The possibility of Sarbanes-Oxley-fueled improvement does not have to be limited to transactional and compliance processes within the finance function. Company leaders are also asking how compliance work related to the new law can help strengthen and streamline non-Sarbanes-Oxley compliance and governance processes companywide. Those sorts of improvements may not shave costs from processes, as American Electric Power's A/P initiative does, but they can bolster an organization's risk management program and help stave off the extraordinary fiscal and reputational costs of lapses in corporate governance and regulatory compliance.
Believe it or not, the Sarbanes-Oxley Act is not the only regulatory requirement bearing down on companies. Although compliance with this law is expensive -- estimates peg the cost at $500,000 to $1 million per $1 billion in revenue -- it is only one large piece of the overall compliance and governance picture. Complying with all regulations that apply to a U.S. company costs roughly $5 million to $6 million per $1 billion in revenue, according to the Open Compliance & Ethics Group (OCEG) of Scottsdale, Ariz.
Carole Stern Switzer, OCEG's executive vice president and general counsel, suggests that organizations can capitalize on commonalities across regulations. "A lot of companies have not previously focused effectively on compliance in terms of coordinating their efforts in a way that would allow for efficiency and flow of best practices from one area of compliance, such as environmental, to another, such as adherence to employment law or the Foreign Corrupt Practices Act," she notes. "But those companies did have to focus on Sarbanes-Oxley and spent a lot of time and money addressing Sarbanes-Oxley."
Organizations can leverage their Sarbanes-Oxley-related spending, Switzer says, to establish a broader, more integrated and more efficient set of compliance capabilities. This internal exchange of best practices among different compliance efforts offers two sorts of payoffs.
First, from a risk management perspective, stronger compliance practices limit negative events such as rule violations, financial restatements, investigations by regulatory agencies and damage to a company's reputation.
"By developing better compliance programs and devising company-sponsored remedial measures for past actions under investigation, companies and their shareholders may spend less on the legal ramifications -- and previously unexpected high costs -- of negative outcomes," says George A. Stamboulidis, a partner in the New York City law firm of Baker & Hostetler LLP.
Second, more sophisticated overall compliance capabilities can impress shareholders. In a Business Finance Webcast this summer, Arnold C. Hanish, chief accounting officer at pharmaceutical giant Eli Lilly & Co. in Indianapolis, said his company has found that regulations requiring transparency -- and most do -- boost shareholder value.
The more information his company can provide to the analyst community while staying within SEC regulations, Hanish said, the higher the likelihood its stock price will rise. He referred to the SEC's Regulation Fair Disclosure, which requires securities issuers to reveal to the public what they disclose to securities market professionals.
Hanish added: "There's a lot of information that we can provide within the framework of regulations that will add significant value from a shareholder perspective. And that's really what our job is."
Developing a sound compliance function requires more than sharing best practices, though. Executives and managers in charge of compliance, ethics and governance activities must be properly trained. To date, most compliance training has been reactive rather than proactive, according to an OCEG study.
Compliance process improvements also require time and money. The OCEG research found that companies that have suffered some level of damage to their reputation in the past invest three times more money in compliance and ethics processes than companies that have suffered no such blow.
"People are beginning to realize that compliance is not just a necessary evil that you layer on top of your business operations," Switzer says. "Rather, it is a core business function, and it has to operate like a business function -- with accountability and measurability."
posted by Brian Moran @ 8:49 AM