Friday, April 28, 2006
Former SEC Chair Harvey Pitt comments on how to make SOX 404 work for smaller companies without exempting them.
Perhaps the most controversial topic facing the Securities and Exchange Commission today is the issue of applying the Sarbanes-Oxley Act — and specifically Section 404 of the Act — to smaller companies. The debate has drawn sharp response from several former SEC Chairmen, including William Donaldson, Arthur Levitt, and Richard Breeden. All three have publicly opposed proposals that would exempt smaller companies from rules requiring them to demonstrate effective internal controls over their financial reporting.
In testimony before the Senate Banking Committee earlier this week, SEC Chairman Christopher Cox appeared to walk a middle path in the debate, suggesting that 404 could work for such companies if a more appropriate framework could be developed for smaller companies. That view is not all that different from one recently proposed by another former SEC Chairman, Harvey Pitt, who headed the commission from 2001 to 2003. Now founder and chief executive officer of Kalorama Partners, Pitt talked with CFO.com this week about his perspective on smaller companies and section 404.
posted by Brian Moran @ 9:45 AM
Thursday, April 27, 2006
Oversight Systems to Address Institute of Internal Auditors May 1
Co-Founder Chris Rossie to Discuss Closed-Loop Controls for Segregation of Duties
ATLANTA (April 26, 2006) - Oversight Systems Inc., the leading provider of independent, continuous monitoring solutions for real-time transaction inspection, today announced that co-founder and Vice President of Business Development Chris Rossie will present at the New Jersey Chapter of the Institute of Internal Auditors annual Internal Audit Software Expo.
Rossie is scheduled to speak Monday, May 1, at 2 p.m. on the topic "Segregation of Duties in the Real World: Closed-Loop Controls for Sarbanes-Oxley Compliance." Oversight Systems will also exhibit at the conference, which runs May 1 and 2 in Fairfield, N.J.
Designed for compliance executives and audit directors looking to optimize their controls and ensure efficient defect-free financial processes, Rossie’s presentation will cite case studies and best practices that demonstrate how companies can apply continuous monitoring software solutions to:
* Identify segregation of duties conflicts
* Recognize actual control violations corresponding to those conflicts
* Prioritize controls conflicts based on risk and dollar value of the violations
* Automate a mitigating control for SoD conflicts that cannot be eliminated.
"Real world business processes demand a risk-based approach to segregation of duties," Rossie said. "Finding a control conflict is just the beginning. Rather than redeploying an ERP system to eliminate low risk SoD conflicts, compliance executives and audit directors are now realizing the benefit of combining preventive controls with automated, mitigating controls."
posted by Brian Moran @ 8:41 AM
Wednesday, April 26, 2006
Bridging the Sarbanes-Oxley Disclosure Control Gap
This report compiles historical information that addresses both the likelihood of self reporting internal control deficiencies and the advancement of quality in financial reporting as it relates to the most recent recommendations of the Advisory Committee on Smaller Public Companies.
The SEC Subcommittee on Smaller Public Companies recently released a draft report containing recommendations that it believes will advance the goal of enhancing the quality of financial reporting while also reducing the cost of compliance to SmallCap and MicroCap public companies.
An important underpinning of these recommendations is that SmallCap and MicroCap companies, with the addition of several new corporate governance requirements, can be relied upon to self report material weaknesses in internal controls over financial reporting and maintain a high level of quality in financial reporting.
This report examines the historic relationship between Section 404 (internal control over financial reporting) and Section 302 (self reporting of disclosure controls and deficiencies in internal controls) reporting and compiles research about historical financial restatements.
posted by Brian Moran @ 10:27 AM
Monday, April 24, 2006
Oversight 3.8 Introduces Open Knowledge for Customized Analysis & Testing
Web-based interface allows users to create & modify Oversight's Integrity Checks
ATLANTA (April 24, 2006) - Oversight Systems Inc. today announced the launch of Oversight 3.8 which extends Oversight's continuous controls monitoring software by allowing users to easily customize their analysis and build upon Oversight's best practices in transaction inspection and continuous monitoring.
For more than two years, Fortune 500 companies have relied upon Oversight's real-time transaction inspection software to automate the analysis and testing of auditors and fraud examiners across their heterogeneous financial systems. With real-time inspection over every transaction, Oversight identifies all errors and control violations, drives defect-free financial processes, and sustains Sarbanes-Oxley compliance by providing a wide range of automated mitigating controls.
"Oversight continues to expand upon our library of Integrity Checks that encapsulate the best practices of auditors and our intuitive interface empowers non-technical users to apply Oversight’s advanced analysis engine to deliver precise results for their specific needs, processes and applications," Oversight Systems CEO Patrick Taylor said.
Oversight 3.8 provides a secure medium for authorized users to tune the configuration of Integrity Checks. Non-technical users can create new Integrity Checks for real-time transaction inspection that are customized for company-specific processes. Oversight partners are leveraging the capabilities to develop monitoring solutions for trade promotion, Basel II, license enforcement and OMB A-123.
"Grant Thornton recognized the emerging demand for continuous monitoring solutions to maintain financial integrity within ERP systems, so we've partnered with Oversight Systems to incorporate Oversight's real-time transaction inspection into the Grant Thornton Financial Integrity Workstream offering," said Rhoda Canter, Partner, Grant Thornton Global Public Sector.
About Oversight Systems, Inc.
Oversight Systems takes continuous controls monitoring to the next level with real-time transaction inspection for defect-free financial processes. Oversight's software provides a platform for continuous monitoring that automates the process of finding problems, fixing problems and proving problem resolution. By inspecting each step of individual transactions across all financial systems, Oversight identifies all errors and control violations, drives defect-free processes, and sustains Sarbanes-Oxley compliance.
posted by Brian Moran @ 9:19 AM
Friday, April 21, 2006
Small firms would get audit relief under SEC plan
WASHINGTON (MarketWatch) - Federal securities regulators should exempt small companies from certain sections of a controversial corporate-governance law, according to a draft of an advisory panel report scheduled to be released Monday.
Members of the Securities and Exchange Commission's Advisory Committee on Smaller Public Companies are recommending that firms with market capitalizations of less than $787 million get breaks on reporting their internal financial controls.
Small companies have complained that the costs of implementing Section 404 of the 2002 Sarbanes-Oxley Act are too high.
Committee members say the Securities and Exchange Commission should develop "scaled" or "proportional" regulation for two tiers of companies. The draft report says so-called "microcap" firms and "smallcap" companies should be subject to less-stringent regulations. Microcap companies are defined as having market capitalization of less than $128 million. The committee defines small cap companies as those with market capitalization of less than $787 million. A copy of the draft report was obtained by MarketWatch.
posted by Brian Moran @ 9:36 AM
Thursday, April 20, 2006
Webcast with AMR Research's John Hagerty -- 2006: The Year of Continuous Monitoring & SOX Optimization
Date: Wednesday May 10
Time: 2 p.m. EDT/ 11 a.m. PDT
Duration: 1 hour
To sustain Sarbanes-Oxley compliance from year-to-year, businesses must now shift their compliance efforts from manual controls and testing to automated controls and processes. For this reason, 2006 is The Year of Continuous Monitoring & SOX Optimization. AMR Research analyst John Hagerty leads a 60-minute discussion on how forward-looking businesses are implementing continuous monitoring solutions to sustain compliance and deliver business benefits from their SOX efforts. John will draw upon his research to share strategies and best practices for compliance and continuous controls monitoring.
Oversight CEO Patrick Taylor and an Oversight customer will then build upon John's research by sharing case studies of how real-time transaction inspection takes continuous controls monitoring to the next level with complete enterprise controls management by:
* Identifying control conflicts across all ERP systems and many feeder systems
* Validating control risks by analyzing historical transactions
* Prioritizing remediation based on dollar-quantified risk
* Providing an ongoing mitigating control for SoD conflicts that cannot be eliminated (Real-Time Transaction Inspection)
* Identifying transaction errors and process breakdowns wherever they occur.
posted by Brian Moran @ 11:10 AM
Wednesday, April 19, 2006
Continuous Controls Monitoring
Oversight Systems takes continuous controls monitoring to the next level with real-time transaction inspection for defect-free financial processes. First, Oversight provides preventive controls to identify segregation of duties conflicts across your many financial systems and prioritize the thousands of potential problems based on actual risk. Oversight then provides real-time detective controls that inspect each step of every financial transaction for errors and control violations, so companies can address these issues when they are less complex and less costly to correct.
posted by Brian Moran @ 10:20 AM
Tuesday, April 18, 2006
CFOs Cash In on Stock-based Awards
Yahoo chief financial officer Susan Decker took home nearly $41 million in 2005, roughly $31 million of it from exercising stock options and selling the underlying shares. She was also awarded more than $7 million in restricted stock, four times as much as in 2004.
Decker also received a salary of $500,000, the same as last year, and a bonus of $1 million, $100,000 more than in 2004.
Stock-related compensation also played a major role in the total earnings of several other finance executives, according to proxies recently filed with the Securities and Exchange Commission.
posted by Brian Moran @ 9:58 AM
Monday, April 17, 2006
ESSENTIAL TECHNOLOGY: "CSI" for the Enterprise?
Electronic data discovery tools help investigate fraud, breaches and other bad behavior. But CIOs should approach them with caution.
As the senior security manager at Kimberly-Clark, Osborne is evaluating a tool from Oversight Systems that analyzes accounting information from SAP and other financial systems to detect fraud and errors both in current transactions and in past transactions stored in the SAP system. He's recommended that Kimberly-Clark seriously consider adopting the technology.
posted by Brian Moran @ 9:21 AM
Thursday, April 13, 2006
Sarbanes-Oxley effect now wearing off for auditors
When the Sarbanes-Oxley Act first reared its head in the wake of a rash of corporate scandals in the US, including Enron and WorldCom, it left many companies with quite a headache.
Auditors, however, must have been rubbing their hands with glee: more work in ensuring compliance with the new corporate governance laws meant higher fees after all.
The amount of non-audit work you could undertake with an audit client may have been restricted, but this loss of work could be picked up elsewhere, from other firms that also have to drop some services.
But the good times for auditors caused by the new rules now appear to be over, after a recent US study showed that audit fees have started to drop once again.
posted by Brian Moran @ 8:59 AM
Wednesday, April 12, 2006
Top 10 Procure-to-Pay Control Violations and Process Breakdowns
Sarbanes-Oxley and global outsourcing have changed the game for finance executives. Control violations and process breakdowns used to be limited to the realm of Six Sigma black belts, but those days are gone.
Once just operational snags, procure-to-pay control violations and process breakdowns threaten a company’s Sarbanes-Oxley compliance and add extra expense to financial operations. Whether faulty segregation of duties or payment errors, both can land you in hot water with either your auditor or your cost-cutting, outsourcing-minded CFO.
With a broad base of Fortune 500 customers, Oversight Systems collected data to compile the 10 most common procure-to-pay control violations and process breakdowns.
1. Segregation of Duties
Companies are now devoting thousands of man hours to hunt down segregation of duties (SoD) conflicts within their financial systems and processes. However, they’re finding that the vast majority of these potential SoD risks have never actually been violated. Moreover, many of the SoD violations were executed to get relevant work accomplished – not fraud.
Some push the idea that every single SoD risk can be eliminated with better management of user access rights within your ERP systems. However, most financial processes don’t operate inside a vacuum of a single financial system or perfectly defined roles that eliminate all SoD conflicts. Real world compliance demands a complete closed-loop control system that identifies SoD conflicts across multiple systems, quantifies control risk based on how (and if) a control weakness is exploited, monitors known risks where SoD conflicts cannot be eliminated, and provides documented proof of control effectiveness.
2. Vendor File Management
Ask any accounts payable manager, and they’ll tell you about their headache maintaining clean and accurate master vendor files. Common errors pop up with duplicate vendor files for “IBM” and “International Business Machines”. Multiple billing addresses and delivery locations only magnify the issue. However, more troublesome problems arise when purchase orders are entered and approved for inactive or invalid vendors who lack proper credentials. This control weakness can easily lead to financial risk.
3. Payment Errors
As the final output of the procure-to-pay process, payments are the end product of a series of tasks and sub-processes. Erroneous payments are the final result of process breakdowns and control violations within those sub-processes – vendor maintenance, PO approvals, receipt of goods, vouching for the invoice, etc.
Duplicate payments often originate with duplicate vouchers. As companies process and vouch for incoming invoices, most financial systems are configured to prevent an exact duplicate from entering the system. However, most AP departments occasionally run into rush-job situations where it’s acceptable to circumvent the preventive system control by adding a simple dash or suffix to the end of a voucher number.
Besides duplicates, common payment errors also include misdirected payments where the name on the check or the account number of a wire transfer does not match the corresponding fields in the master vendor file.
4. Out of Sequence Transactions
Process breakdowns frequently occur from transactions that don’t follow the defined process flow. For example, an invoice “issued” date or voucher “created” date can predate the approval date of the corresponding purchase order. In this situation, authorization to pay the invoice is inferred from receipt of the invoice as opposed to approval of the purchase order.
5. Bad Data Inputs
Efficient procure-to-pay processes rely on accurate data inputs to the accounts payable system from all internal and external sources – from corporate purchasing to vendor invoicing. Bad data inputs introduce errors into the process that typically rely on manual intervention to detect and correct. In some cases, the incoming invoice or purchase order includes more “lines” than what the production system can accept. Monitoring systems can automate much of that work by analyzing the source data systems and the accounts payable production system.
6. Unvouchered Receipts
Breakdowns in the procure-to-pay process often accumulate in a company’s suspense account for “unvouchered receipts” – also known as GRNI or “goods received but not invoiced”. While companies must accurately accrue for available resources that have not been invoiced, this suspense account often grows over time as invoices don’t exactly match up against the original journal entry to the GRNI account. Errors in reconciling this account often lead to over booking of liabilities.
7. Procurement Card Policy Violations
Procurement cards – a.k.a. purchase cards or simply P-cards – provide a convenient solution for authorized employees to buy low value goods and services with a company “credit card.” While P-cards reduce the work and costs of the accounts payable department, policy violations can occur where employees circumvent their purchase limits by splitting a single purchase into multiple P-card transactions. However, more common mistakes and process breakdowns occur where a purchase order is issued for an item purchased with a P-card. Other common control policy violations occur when an employee mistakenly submits a receipt on an expense report for goods purchased with the company P-card.
8. Freight Accruals
Similar to unvouchered receipts, freight accruals must be accurately reconciled or will lead to misstating a liability. While also common in the order-to-cash process, errors in procure-to-pay freight accruals often arise when the projected freight costs are consistently overestimated or underestimated. Without matching the estimated freight costs with the actual costs of freight, companies have faced significant surprises when closing their books.
9. Unused Discounts & Credits
Purchasing departments and division heads work hard to secure discounts with their preferred vendors, and vendors often issue credits for returns and past mistakes. However, many companies never fully utilize their available discounts and credits. In many cases, business line managers issue and authorize purchase orders in a rush to get their projects accomplished without taking the time to investigate the available discounts and credits. Accounts payable managers then execute on the approved POs without context of whether the company is overpaying its vendors.
10. Errors in Data Aggregation
With the end of every reporting period, accounts from the procure-to-pay process roll up into the general accounting systems. Depending on the company, this data aggregation includes multiple iterations of the same ERP system or integration of heterogeneous systems. In either case, errors and control violations occur in this data aggregation as information is formatted, manipulated in spreadsheets, reformatted and uploaded.
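The following Python is an added example, not part of the original post and not Oversight's software: it runs detective checks for three of the violations described above, namely duplicate vouchers re-entered with a dash or suffix (item 3), invoices dated before the purchase order was approved (item 4), and P-card purchases split to stay under a limit (item 7). The record layouts, field names, sample data, suffix pattern and the 2,500 purchase limit are all assumptions made for illustration.

```python
"""Detective checks for three procure-to-pay violations (added example)."""
import re
from collections import defaultdict
from datetime import date

# All records below are constructed sample data.
# (voucher_no, vendor_id, amount, invoice_date, po_no)
VOUCHERS = [
    ("4471023",   "V100", 1850.00, date(2006, 3, 2), "PO-7001"),
    ("4471023-A", "V100", 1850.00, date(2006, 3, 2), "PO-7001"),  # suffix re-entry
    ("4471023-",  "V100", 1850.00, date(2006, 3, 2), "PO-7001"),  # dash re-entry
    ("4471188",   "V200",  920.50, date(2006, 3, 6), "PO-7002"),
    ("4471301",   "V300", 4300.00, date(2006, 3, 1), "PO-7003"),  # invoice before PO approval
]
# po_no -> approval date
PO_APPROVED = {"PO-7001": date(2006, 2, 20), "PO-7002": date(2006, 3, 1),
               "PO-7003": date(2006, 3, 9)}
# (cardholder, vendor_id, purchase_date, amount)
PCARD_TXNS = [
    ("emp17", "V900", date(2006, 3, 14), 1400.00),
    ("emp17", "V900", date(2006, 3, 14), 1350.00),
    ("emp22", "V901", date(2006, 3, 14),  600.00),
    ("emp22", "V902", date(2006, 3, 15),  700.00),
]
PCARD_LIMIT = 2500.00  # assumed single-purchase limit

# Trailing separator plus an optional 1-2 character suffix, e.g. "-", "-A", "/2".
# Heuristic: pairing it with vendor and amount keeps false positives down.
_SUFFIX = re.compile(r"[-_/. ]+[A-Z0-9]{0,2}$")


def normalize_voucher(voucher_no):
    """Strip the dash/suffix used to get a re-entered voucher past an exact-match check."""
    return _SUFFIX.sub("", voucher_no.strip().upper())


def duplicate_vouchers(vouchers):
    """Group vouchers that collapse to the same (vendor, base number, amount)."""
    groups = defaultdict(list)
    for voucher_no, vendor, amount, _inv_date, _po in vouchers:
        key = (vendor, normalize_voucher(voucher_no), round(amount, 2))
        groups[key].append(voucher_no)
    return {key: sorted(nums) for key, nums in groups.items() if len(nums) > 1}


def out_of_sequence(vouchers, po_approved):
    """Vouchers whose invoice date predates PO approval, or whose PO has no approval."""
    flagged = []
    for voucher_no, _vendor, _amount, inv_date, po in vouchers:
        approved = po_approved.get(po)
        if approved is None or inv_date < approved:
            flagged.append((voucher_no, po, inv_date, approved))
    return flagged


def split_pcard_purchases(txns, limit):
    """Same cardholder, vendor and day: each charge within the limit, total above it."""
    buckets = defaultdict(list)
    for holder, vendor, day, amount in txns:
        buckets[(holder, vendor, day)].append(amount)
    return {key: sum(amts) for key, amts in buckets.items()
            if len(amts) > 1 and max(amts) <= limit < sum(amts)}


if __name__ == "__main__":
    for key, nums in duplicate_vouchers(VOUCHERS).items():
        print("possible duplicate payment:", key, nums)
    for row in out_of_sequence(VOUCHERS, PO_APPROVED):
        print("invoice precedes PO approval:", row)
    for key, total in split_pcard_purchases(PCARD_TXNS, PCARD_LIMIT).items():
        print("possible split purchase:", key, total)
```

Each function returns candidates for review rather than confirmed violations; a rush-job voucher or a legitimate pair of same-day purchases will also match and needs a documented disposition.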
posted by Brian Moran @ 2:01 PM
Tuesday, April 11, 2006
The Real Value in Sarbanes-Oxley
Fear can be a powerful generator of upstanding conduct, say Stephen Wagner and Lee Dittmar. But business runs on discovering and creating value. In this month's Harvard Business Review, the co-authors discuss how smart companies are finding unexpected benefits in Sarbanes-Oxley compliance. Wagner, who is the managing partner of the U.S. Center for Corporate Governance at Deloitte & Touche, and Dittmar, who leads the enterprise governance consulting practice at Deloitte Consulting and co-leads its Sarbanes-Oxley practice, talked with Kathleen Melymuka about how your company can use compliance requirements to its advantage.
What were some of the big control gaps that early Sarbanes-Oxley compliance efforts uncovered?
WAGNER: One of the requirements of internal controls is maintenance of records in reasonable detail that reflect transactions. We found [that] in many instances, control documentation was way behind or didn't exist. A second issue was "tone at the top" -- the communication that comes out of the boardroom and the CEO suite that sets the stage for the organization, including how it deals with ethical standards. We found that there was often very little communication across organizations around the importance of maintaining good controls. In some cases we found duplication of control activities that created inefficiency and less-than-effective controls. Lastly, we ran into the notion of unnecessary complexity in the extreme. Many companies are far more complicated than they need to be. In the IT area in particular, there was duplication of systems, multiple instances of ERP -- one division of a company had 200 financial accounting systems.
posted by Brian Moran @ 3:09 PM
Monday, April 10, 2006
Fraud Law Spurs Backlash, Integrity
When Carmen Requena's employer asked her to lead internal audits, she quickly learned that the job made her as popular as a meter maid.
Such audits had never been done at her midsize software company, and her team was formed in response to the demands of a stringent federal antifraud law known as the Sarbanes-Oxley Act.
"The very first meetings that I started to attend, people were sort of dragging their feet and not tremendously thrilled at what they had to do," she says.
But during the past 18 months, grudging reluctance has given way to acceptance and even the view that the rigorous new accounting standards entail benefits as well as costs for the company, Micros Systems in Columbia, Md.
It's a story that's been repeated in many corporations in the wake of the scandal at Enron Corp., which symbolized American dynamism until hidden losses forced it into sudden bankruptcy — and prompted Congress to enact the Sarbanes-Oxley legislation of 2002.
posted by Brian Moran @ 9:19 AM
Friday, April 07, 2006
Survey: SOX Compliance Costs Dropping, Average $3.8M
A new survey says that the average cost for the internal controls provisions of the Sarbanes-Oxley Act is $3.8 million, down 16.3 percent from last year and about halfway to the drop anticipated for the second year of compliance.
Financial Executives International polled 274 public companies with average revenues of $6 billion, 238 of which are accelerated filers. It was the fourth SOX compliance survey FEI has conducted since 2004.
According to the survey, many of the cost reductions can be attributed to fewer staff, less consultant time and reduced auditor fees from a year ago: internal staff time spent on the provisions decreased 11.8 percent; external costs, including software and consultant fees, but excluding primary auditor fees, fell 22.7 percent; and auditor attestation fees dropped 13 percent.
"There is still room for improvement. Based on the feedback from our members, it is clear that the degree of documentation is the No. 1 issue," said FEI president and chief executive Colleen Cunningham, in a statement.
The survey also found that 85 percent of the surveyed companies do not believe that the benefits of compliance with Section 404 have exceeded the costs. Top recommendations from executives on how the implementation of Section 404 could be made more efficient included reducing the degree of documentation required (67 percent of respondents) and allowing for greater reliance on internal audit data and resources (66 percent of respondents).
posted by Brian Moran @ 12:10 PM
Thursday, April 06, 2006
Segregation of Duties
Most financial processes don’t operate inside a vacuum of a single financial system or perfectly defined roles that eliminate all segregation of duties conflicts. Real world compliance demands a complete, closed-loop control system that identifies SoD conflicts across multiple systems, quantifies control risk based on how (and if) a control weakness is exploited, monitors known risks where SoD conflicts cannot be eliminated and provides documented proof of control effectiveness.
Oversight Systems takes continuous controls monitoring to the next level by combining user access rights testing with its patented real-time transaction inspection. Preventive controls combine with real-time detective controls to provide best practices in corporate governance, compliance and risk management.
Until Oversight, companies had to choose between controls software that either tested a single ERP system for SoD conflicts or analyzed historical transactions for control violations. However, our patented software builds upon each of these first generation technologies to:
* Identify SoD conflicts across heterogeneous financial systems
* Analyze all historical transactions to determine if SoDs were ever violated
* Prioritize corrective actions based on actual risk of where SoD violations have occurred
* Implement automated mitigating controls where SoD conflicts cannot be eliminated
posted by Brian Moran @ 11:01 AM
WEBINAR: Real-Time Transaction Inspection for Defect-Free Financial Processes
Date: Wednesday April 19
Time: 2 p.m. EST/ 11 a.m. PST
Duration: 45 minutes
Errors in day-to-day financial transactions consistently result in adjustments, reversals and rework. Real-Time Transaction Inspection takes continuous controls monitoring to the next level by automating the analysis of auditors across every transaction to deliver Defect-Free Financial Processes. While these errors originate from human errors, data roll-ups from multiple systems or process breakdowns, Real-Time Transaction Inspection analyzes each step of every financial transaction in real time for errors and control violations, so companies can address these issues when they are less complex and less costly to correct.
Oversight CEO Patrick Taylor leads a 45-minute discussion on the benefits of Real-Time Transaction Inspection for solving the process and compliance pains for:
* Segregation of Duties
* Unvouchered Receipts (Goods Received, Not Invoiced)
* Payment Errors
* Freight Accruals
* Discounts & Promotions
posted by Brian Moran @ 9:24 AM
Wednesday, April 05, 2006
Audit costs drop in US
Audit fees in the US, which rose sharply following the implementation of the 2002 Sarbanes-Oxley Act, have begun to fall, a report published in Compliance Week has revealed.
Large public companies (revenue of more than $5bn) in their second year of Sarbanes-Oxley compliance saw audit fees fall 0.6% in 2005, while overall, fees paid to external auditors fell by 7.4%.
The drop in audit costs contradicted reports in the Wall Street Journal which said that audit fees were still rising, albeit moderately.
posted by Brian Moran @ 9:24 AM
Tuesday, April 04, 2006
SEC rejects exemptions demand
Small companies in the US have failed to secure exemption from parts of the Sarbanes-Oxley Act which requires auditors to certify their compliance with federal laws.
An SEC panel had advised that only the largest 20% of public companies be subject to the checks, which would see auditors verifying systems for protecting assets, reporting financial information and complying with regulations.
But the Chicago Tribune reported today that SEC chairman Christopher Cox has now ruled out any exemption.
The move will disappoint lobbyists, including the US Chambers of Commerce, which had been campaigning for changes.
posted by Brian Moran @ 9:15 AM
Monday, April 03, 2006
Audit fees, SOX still socking companies
The pain was supposed to subside for companies after the first year of the Sarbanes-Oxley Act, as business pundits predicted that investments in pricey technologies and accounting infrastructure would peter out after taking a big, one-time bite out of Corporate America's bottom line.
The pundits were wrong. A Boston Business Journal analysis of 27 public companies in Massachusetts shows their auditing costs spiked 26 percent last year, bringing their total increase to 103 percent since SOX became effective in 2004. In total, the group spent $56.6 million on SOX and related auditing costs last year, or around 2 percent of their 2005 operating income.
posted by Brian Moran @ 4:48 PM