|
|
|
Features
< Back
Sarbanes Oxley : Technology : Sarbanes Oxley
On the Technology Road to Sustainable Compliance
By
Harald Will
|
|
Harald Will
CEO
ACL Services
|
Compliance is here to stay. Despite many organizations? hope that requirements would be scaled back, as we enter year-two of life after Sarbanes-Oxley it?s clear that the bulk of the legislative requirements will not change. And while some companies recognize the need for a long-term solution, many organizations still maintain a short-term mindset when addressing ongoing compliance requirements.
A recent study highlighted that companies are reporting multiple challenges as a result of recent compliance mandates. Even though nearly 100 percent of companies polled recognized the need to reduce staff time and associated costs of compliance, only 40 percent of these organizations already have, or plan to, automate the testing of their controls this year. This leaves nearly 60 percent of these companies struggling to find the skilled resources necessary to test the myriad of internal controls present in any large organization. In the struggle to maintain compliance, companies must look beyond their initial investments and establish a long-term compliance strategy.
The Sarbanes-Oxley Act of 2002, Section 404, requires public companies to submit annual filings on their internal controls to the SEC. It also requires organizations to document and test the controls that directly impact their operational risks and obtain an annual attestation from their external auditors stating that the controls they have in place are working effectively. Based on a comprehensive 2005 compliance spending study by Boston-based AMR Research, companies will spend nearly $15.5B on compliance-related activities this year. Although a majority of those activities is focused on Sarbanes-Oxley (SOX), other regulations such as HIPPA, Basel II, document and record retention requirements, code of conduct and training requirements, FDA regulations, TREAD act, and SEC regulations, are also being equally addressed by business and IT departments. And the costs to organizations are understandably adding up.
The Cost of Compliance
As companies implement compliance mandates, they are also faced with budgetary concerns. Both external consultants and internal staff time are eating up a huge chunk of the SOX budget within most organizations. For the most part, a majority of companies plan to either improve or maintain the compliance functionality they already have in place. In the same study by AMR Research, compliance solutions are either in place or underway for at least 73 percent of companies surveyed, while others are still evaluating compliance solutions for future deployment. Only a minimal number are at the stage of actually replacing solutions.
The current trend is to allocate a separate budget specifically for compliance. However, some companies also use funds from their general operations budget, general IT budget, or general finance budget to fund compliance-related activities. On average, spending on compliance- related activities is about $500K to $1M, with most of the funds being spent on internal man-power or outsourcing to consultants. Sarbanes-Oxley and document and record retention requirements are the two most important mandates companies plan to address in 2005. According to the survey conducted by ACL Services and the Center for Continuous Auditing (CCA), more than 95 percent of companies polled report that a ?reduction of staff time and associated costs to test internal controls? is critical in maintaining effective SOX 404 compliance.
Options for Compliance Solutions
Sarbanes-Oxley has further broadened the scope of internal audit operations and responsibilities. It is critical for internal auditors to test complete data files for control issues and noteworthy exceptions. Some of the business challenges companies have come across include, identifying hidden control weaknesses in large data populations, and gaining reliable access to large volumes of data.
Traditionally, companies have brought in third party consulting firms to comb through the data, assess the effectiveness of internal controls and identify control weaknesses. However this presents an additional and very expensive cost on top of the already high costs of annual auditing practices.
Many analyst firms, including AMR Research, believe that utilizing technology to achieve and maintain compliance is the best option for most companies. Leveraging technology designed specifically for regulatory compliance is not only the most cost-effective option, but also is the best option for establishing a long-term compliance strategy.
Using continuous controls monitoring (CCM) technology has proven to be a key component in satisfying Section 404 requirements for Martin Marietta Materials, a leading US manufacturer of magnesia-based chemical products. CCM technology has allowed their audit department to run consistent audit test scripts on a quarterly basis, quickly complete its data analyses and promptly release comprehensive information to management. Martin Marietta Materials? audit team uses such technology to conduct process flow audits that analyze company systems through every step of the transaction process, review general ledger transactions on a quarterly basis, move toward CCM for specific business areas and analyze large data files without compromising the ERP system performance or source data integrity.
CCM technology has also enabled TELUS Communications to eliminate the need for their third party consulting firm. The testing and monitoring conducted by the consulting firm has now been automated with CCM technology, and is also being done much more efficiently and effectively. Not only was TELUS able to cut costs, but it was also able to pay for the technology investment and generate ROI in six months. It did this by finding duplicate and other irregular payments and stopping them before TELUS had issued the checks ? providing twofold cost savings.
?Continuous controls monitoring significantly enhances our overall level of business assurance,? says Gary Silsbe, Director of Operations Excellence at TELUS Communications. ?By reviewing our transactions on a regular basis, we know that every payment is legitimate and represents a valid business purpose.?
Market research has identified that a significant number of companies are experiencing challenges in completing the testing component of the compliance process, and now have the opportunity to find alternative solutions to effectively address this issue. CCM technology tests the effectiveness of controls for entire business process areas at the transactional data level. Investing in this technology enables integration of compliance frameworks, improves corporate accountability and enhances financial reporting transparency. CCM also increases productivity through, expanded coverage, increased automation, and minimized revenue leakage.
CCM is a cost-effective solution for testing controls at the transactional level and improving profitability while also supporting overall good corporate governance. Improving confidence in enterprise data, validating controls effectiveness and optimizing controls and related business processes are at the top of every CFO?s to-do list, and should be given an even higher priority with the advent of Sarbanes-Oxley and other compliance regulations. By using CCM solutions, companies will achieve sustainable compliance and can see a return on their compliance investment that will ultimately benefit the bottom line today and in the future.
Harald Will
CEO
ACL Services
Harald Will is the President and CEO of ACL Services Ltd., and is responsible for the strategic vision and direction for the company. ACL (www.acl.com) is the leading global provider of audit and continuous controls monitoring solutions to financial executives and audit professionals. Combining market-leading software and professional services expertise, ACL gives organizations confidence in the reliability, accuracy, and integrity of the data underlying their increasingly complex business operations.
Since 1987, ACL's proven solutions have enabled financial decision-makers to assure controls compliance, reduce risk, detect fraud, minimize losses, enhance profitability, and achieve fast payback. With an international customer base including 90 of Fortune 100 companies and over half of the Global 500, ACL solutions are delivered in more than 150 countries through a global network of ACL offices and channel partners, and are used in hundreds of national, state, and local governments and by the Big Four public accounting firms.
|
|
|
|
|
