Tuesday, May 23, 2006
Segregating Duties: How software can help to address one of the bugaboos of compliance
One of the big themes in Sarbanes-Oxley (SOX) and other regulations is segregation of duties. The basic idea behind this is that no one person can gain the ability to perpetrate fraud or, for that matter, make sweeping mistakes; if many people are involved in a process, with each person responsible for a certain segment of it, this kind of risk can be mitigated.
Segregation of duties in a large enterprise can be a pretty complicated issue in practice because of the many possible violations. "We had a customer for whom we identified 8,000 conflicts," says Chris Rossie, VP of Business Development for Oversight Systems, by way of example.
posted by Brian Moran @ 4:15 PM
Monday, May 22, 2006
H.B. Fuller lauds Sarbanes-Oxley
Here's an interesting case study of a company that says it's a stronger company after complying with SOX.
Many businesses have complained long and loudly that the costs of complying with the Sarbanes-Oxley Act exceed the benefits.
Might the reverse be true for their shareholders? Could these investors be faring better because of the stronger controls that the act requires businesses to put in place?
That's how it looks to the folks who run H.B. Fuller, the Vadnais Heights-based adhesives and specialty chemicals maker. Their shareholders might agree. And a study released early this month by the Lord & Benoit research and compliance firm suggests similar situations could prevail at many other publicly held companies.
Since January 2005, when Fuller first disclosed accounting irregularities in its Chilean operations, the company's stock has risen about 80 percent.
John Feenan, Fuller's chief financial officer, says the controls it installed to comply with the act helped the company deal with the trouble in Chile.
"At the end of the day, Sarbanes has been good for us," says Feenan. "It has definitely made us a stronger and better company."
posted by Brian Moran @ 9:01 AM
Piling on the pressure as Sarbanes costs bite
In Tom Brandt's office there are piles of ring binders, each about three inches thick. For Mr Brandt, chief financial officer of Nasdaq-listed TeleCommunications Systems, they are a laughable sign of the cost of complying with Section 404 of Sarbanes-Oxley (SOX).
The binders contain paperwork designed to prove that a mass of accounting, management and control procedures have been complied with – even down to descriptions of basic clerical procedures such as filling in vendor invoices.
posted by Brian Moran @ 8:59 AM
Friday, May 19, 2006
Lowering SOX Costs Through Scope Reduction
Here's a great piece from AMR Research on the changing methods for attaining SOX compliance.
Compliance costs for the Sarbanes-Oxley Act (SOX) remain in the $6B range for this year, decreasing ever so slightly from the prior year (see the AMR Research Alert article "SOX Spending for 2006 To Exceed $6B"). The appropriate use of technology can automate a lot of the activities done manually today, saving precious time and money. But there is another route to keeping a lid on expenses: reducing the scope of SOX-related work.
Taking a risk-based approach
Just about a year ago, the Public Company Accounting Oversight Board (PCAOB) issued advice to public companies that many have taken to heart: a risk-based approach should be used to determine the breadth and depth of any internal control work to support the constructs of SOX. The result has been that many companies have continuously streamlined their control frameworks to reflect this risk approach. This has, however, been an intellectual exercise, not one driven by technology.
posted by Brian Moran @ 2:51 PM
Tuesday, May 16, 2006
The Sarbanes-Oxley Debacle
In The Sarbanes-Oxley Debacle: What We've Learned; How to Fix It (AEI Press, 2006), Henry N. Butler and Larry E. Ribstein argue that the Sarbanes-Oxley Act of 2002 (SOX) has been a colossal failure. Enacted after the collapse of the Enron Corporation, the authors argue that Congress panicked and rushed into passing legislation that has had huge direct and indirect costs to the firms which must comply with the reporting rules.
The direct cost to companies complying with SOX's reporting rules has been widely estimated at $6 billion per year. Butler and Ribstein, however, argue that the indirect costs of SOX are in fact far greater: diversion of executives' attention from maximizing shareholder value; increased risk aversion by managers; distortion of executives' and directors' incentives and investment decisions; criminalization of corporate agency costs and mistakes; reduction of access to capital markets by entrepreneurs; and the crippling of the dynamic federalism that has created the best corporate governance structure in the world. Indeed, the best evidence to date indicates SOX imposes additional net losses totaling $1.1 trillion to the financial markets.
posted by Brian Moran @ 11:47 AM
Thursday, May 11, 2006
Oversight for Segregation of Duties
Risk-based Prevention & Automated Mitigating Controls
Real world compliance demands a complete, closed-loop control system that identifies segregation of duties conflicts across multiple systems, quantifies control risk based on how (and if) a control weakness is exploited, monitors known risks where segregation of duties conflicts cannot be eliminated and provides documented proof of control effectiveness.
Oversight Systems takes continuous controls monitoring to the next level by combining user access rights testing with its patented real-time transaction inspection. Preventive controls combine with real-time detective controls to provide best practices in corporate governance, compliance and risk management. Finally, a solution for segregation of duties in the real world.
Until Oversight, companies had to choose between controls software that either tested a single ERP system for segregation of duties conflicts or analyzed historical transactions for control violations. However, our patented software builds upon each of these first generation technologies to:
* Identify segregation of duties conflicts across heterogeneous financial systems
* Analyze all historical transactions to determine if segregation of duties were ever violated
* Prioritize corrective actions based on actual risk of where segregation of duties violations have occurred
* Automate mitigating controls where segregation of duties conflicts cannot be eliminated
posted by Brian Moran @ 9:28 AM
Monday, May 08, 2006
SEC to hear complaints over Sarbanes-Oxley law
Wednesday will be the day for executives to vent their frustrations about SOX. However, I don't think we'll see any huge breaks for smaller public companies.
WASHINGTON (Reuters) - U.S. securities regulators will hear the business community's passionately held views this week on how to fix or kill post-Enron corporate reforms that many believe are hurting American competitiveness.
The landmark Sarbanes-Oxley law, approved by Congress in 2002 to restore investor confidence after a string of accounting scandals, is already under attack.
A challenge is pending in federal court and House Republicans are expected to introduce a bill this week that would roll back part of the law.
On Wednesday, the Securities and Exchange Commission and the Public Company Accounting Oversight Board will hold a meeting to hear company complaints that the costs of complying with the law far outweigh any benefits.
posted by Brian Moran @ 9:20 AM
Thursday, May 04, 2006
SOX should be adapted for smaller cos-SEC accountant
A few weeks ago it seemed like smaller companies would see some relief, but it looks like that was just a dream. Besides, smaller companies pose greater investment risk, so internal controls are just as important for them.
NEW YORK, May 4 (Reuters) - Investors are seeing real benefits from the implementation of Sarbanes-Oxley corporate reforms, and small companies should not necessarily be exempted from the rules, the U.S. Security and Exchange Commission's top accountant said on Thursday.
Speaking at a financial reporting conference in New York, Scott Taub, acting chief accountant at the SEC, said that contrary to a recommendation from an SEC advisory committee that microcap and smaller companies should be exempted from certain parts of the law, Sarbanes-Oxley should be made to work for smaller companies.
posted by Brian Moran @ 5:25 PM
SEC Chief Accountant Defends 404
Here's an interesting article from CFO where the SEC is promoting more of a "risk-based" approach to 404 and controls testing. For a year now, we've been hearing about this risk-based approach. I think it's finally starting to sink in, but we'll need the auditors to carry this out ... and reduce their manual testing.
Admits SEC's cost estimates were "way off," but says companies are likely testing too many controls. He also says the concept of different rules for smaller companies is "difficult."
Ronald Fink, CFO.com
The Securities and Exchange Commission's acting chief accountant, Scott Taub, defended the SEC's implementation of Sarbanes-Oxley 404 today, suggesting soaring costs were due to overly detailed controls testing. Taub also threw more cold water on industry hopes that 404 might be modified for smaller companies.
"If you think 404 does nothing for fraud, you're doing it wrong," Taub told an audience Thursday morning at the Fifth Annual Financial Reporting Conference at the Zicklin School of Business at Baruch College. In fact, he said, companies may indeed be implementing 404 incorrectly by failing to focus on those controls that pose "substantial risk."
posted by Brian Moran @ 3:18 PM
Non-US companies struggle to make Sarbanes-Oxley compliance sustainable in the longer term
Non-US companies that are required to comply with Section 404 of the Sarbanes-Oxley legislation for the first time this year, are so focused on the year one deadline that they are struggling to make the process sustainable for the future, according to a new survey from PricewaterhouseCoopers.
The survey 'Looking forward: evaluating early experiences with Sarbanes-Oxley' of some 36 Sarbanes-Oxley project leaders from large foreign private issuers (FPIs) suggests that the experiences of companies in the US, which struggled to embed compliance in year one, risk being repeated by FPIs.
There is a real danger that the excessive costs of compliance in year one will recur in following years unless companies take steps now to stand back and review the robustness of their controls and compliance structures.
Well over a third (44%) of respondents view their Section 404 compliance efforts as an entirely discrete piece of work, unconnected to other compliance activities and processes happening within the business. Although creating 'controls consciousness' is considered to be a medium-to-high priority for 86% of those surveyed, 31% state that this has not to date been gauged within the company. Similarly only 19% of respondents say that a formal mechanism exists for knowledge transfer from their Section 404 project team to management.
posted by Brian Moran @ 9:53 AM
Wednesday, May 03, 2006
Survey Shows Alarming Drop in CEO Transparency Since Enron Bankruptcy
CEO transparency in shareholder letters, a key indicator of CEO integrity, has substantially declined since the Enron bankruptcy and the passage of Sarbanes-Oxley legislation, according to an annual survey of investor communications. The 2005 Rittenhouse Candor Rankings(SM) survey found an increasing number of companies use more jargon, spin more information and make more confusing statements in shareholder letters than before the exposure of widespread corporate fraud in 2002.
L.J. Rittenhouse, President of andBEYOND Communications said, "The passage of Sarbanes-Oxley legislation in 2002 was intended to promote clear and transparent disclosure, but only 24 percent of the companies in our 2005 survey were awarded top marks in candor down from 57 percent in the 2002 survey. While many executives are certifying their results to comply with Sarbanes-Oxley, they are also publishing virtually unintelligible shareholder letters. If they cannot candidly articulate their goals and results, then how can they credibly walk their talk?"
posted by Brian Moran @ 10:44 AM
Monday, May 01, 2006
Governance: Sox Technology's Second Wave
By Laton McCartney, eWEEK
As companies seek to make Sarbanes-Oxley (Sox) compliance more efficient and sustainable, they are investing in a new wave of Sox-related software, says Paul Hamerman, vice president, enterprise applications at Forrester Research.
"During the first cycle of Sox 404 compliance, companies were under time constraints and weren't familiar with the new regulations," Hamerman says, referring to a requirement that publicly traded companies identify, test and document internal controls to prevent errors or fraudulent activities that affect the accuracy of financial statements. "As a result, they had to invent something on the fly or relied on in-house tools such as Excel spreadsheets or audit tools."
These makeshift tools weren't reusable. Moreover, while they captured the necessary data needed for compliance, that information couldn't be presented in a format that was useful from a management perspective, Hamerman says.
posted by Brian Moran @ 11:41 AM